A couple of frequent mistakes with signin which are usually caused by junior product owners/ux persons not reflecting on what they are doing and blindly copying what they believe is the way to do things.
- Having confusing language and poor differentiation between the sign in and sign up form. Symptom, users start filling in the wrong form only to realize their mistake.
- Separating the password from the email field with an extra mouse click sucks if you are using a password manager. Doubly so on mobile where using password managers involve a bit of fiddly interactions. Having to do this twice sucks. If you do this, at least have one of the fields in the dom tree but hidden so that it gets filled with one click via your password manager.
- Not making the login form password manager friendly my not sticking to conventions for field names for this.
- Defocusing input fields in the middle of typing login information
I guess i'm in the minority these days but I like to keep strong passwords in my head.
This usually happens due to some side effect of the login page being absolutely fucking massive and not fully loading or executing before I start to fill in the form, then one of three things usually happens in order of frequency:
1. cookie banner blocks input and defocuses
2. it defocuses for no apparent reason (I suspect MVC "rendering")
3. it "helpfully" re-focuses on the first input element
The last one is the most annoying because in the worst case i type my password in visible text.
Only login I regularly use that does not suffer from this problem (or any others!), is HN:
I use Surfing Keys, a vim-like plugin for browsers. When inputs defocus unexpectedly while I'm typing all of the navigation shortcuts kick in and it's like "roll a d100 to see which random negative consequence you get." Usually I at least lose the page that I'm on and I have to start the form over.
This reminds me of when certain browsers used to emulate IE by mapping backspace to "go back". I lost so many forms to that feature before Safari came up with the "are you sure you want to leave without submitting this form you started filling out?" dialog and they copied it
Since I started using facebook (2010) until today, it happens to unfocus and is very weird. If I go to login page, start typing my email very fast, it lose focus after 1s even before I finish typing.
> Separating the password from the email field with an extra mouse click sucks if you are using a password manager.
If I understand correctly, the reason behind this pattern is SSO.
Most websites are gaining SSO capabilities. Before asking for your email/user, they don't really now if you're gonna login using password, or you should be redirected to an IdentityProvider.
I'd be happy to know if there are better patterns here but I think password managers should get a bit smarter and work with this trend.
Honestly asking, what's wrong with "Password (Leave empty if you're using {Name of SSO}): ____"?
If you are going to tell that may confuse users, I think not having a password field is already confusing the other half, while also not being password-manager-friendly.
I don't think making the user read instructions is the solution. Most (myself included) will begin typing before they finish reading.
The current trend to only show the password box after the username is provided doesn't have to be bad for password managers. I use loads of sites that do this (so they can support SSO) and they just use hidden form fields so the password managers know what to do.
I'd be curious to hear any suggestions you have for password managers to improve here though. I can't think of anything short of a .well-defined login route.
My company uses an SSO provider with Google Workspace. Most employees have no idea about any of that, they wouldn't know and probably would type their company password there.
Firefox also handles every one of these perfectly. I assume there is a hidden password field already but whatever it is it doesn't cause me issues other than an extra click.
They could just check if the username needs to be redirected, and if they do then ignore the password. It wouldn't be that hard.
The only downside is the user submitting a password they dont need to, but if you're using js you could post the username first and only post the password if needed. That would be the same exact process, except from the users perspective it would be seamless. You could even have it check the username as they type, and lock the password field if its not needed.
this is exactly the sort of thought process that leads to terrible login flows. yes, it's technically possible, and it works for you.
but the login flow is one area of your product that needs to work for everybody. There's plenty of features that can be tailored to a power-user workflow because they're the only people that will see it, but the sign-in flow is not one of those. any confusing UI in your sign-in flow is going to confuse your least-confident users. and asking people using Facebook Sign-in to enter a password when they haven't ever set a password for your site is extremely confusing. all just to save a couple keystrokes for the most-technically-competent users.
Well for facebook, and any other big ones they could just click "sign in with facebook" thats common enough.
The problem is when you have a bunch of enterprise customers and you're not sure which custom login to use, and you dont want to list all your clients.
Ideally, this is solved by the client company telling its employees to use an internal link that authenticates and redirects. Though I'm sure not all clients are capable of this, and still want to use SSO. In that case, I think my solution is much nicer than requiring a two step login.
I could see a lot of large companies that integrate with other B2B sites recoil in horror with a UI that encourages employees to enter their corporate email address and a password. Many employees would use their corporate passwords.
Most websites I've used where this is a thing, definitely don't do this. All the projects where I dealt with PMs / designers insisting on this they would not even had a clue about what SSO was or how it impacts their UX. There are plenty of websites out there with sane login flows.
Passwords work off well publicized naming conventions. That's why they work on the vast majority of websites. The problem is junior developers not knowing that is a thing getting creative with naming things. No-one on such projects even thinks about testing this or pointing out to their PMs that this does not work. 9 out of 10 times you'd get the response to "please fix that". Because why would you not.
Right, often those sites have customers with different SSO systems. I type my company mail address and am redirected to company SSO.
I like this more than other sites where I have to find the right button between different login options (sign in with google, sign in with facebook, sign in with sso, ...) and then have to type the company name ... whatever might be the choice the admins did there that time ...
I also think that approach was initially created by Yahoo! So they could shown the user's avatar on the password page to prove authority. Not sure whether that still is a thing somewhere, considering that a recent trend is not to verify whether an account exists ...
This is always still annoying since you type in your email, then get sent off to your SSO page - and they can never be bothered to post your email over, so now you have to enter it again.
I don't know if all of the SSO login sites do this, but Office 365 authentication makes it a huge pain in the ass to get back to the page that you tried to login from; usually you get dumped back to the home page, and have to try to navigate back to where ever it was you were.
Azure Active Directory does not make it easy to do this, with the way you have to explicitly whitelist post-back URLs, or else you get the dreaded login.microsoft.com 401 page of death, where you have to parse out information buried in the query-string to determine why you didn't get redirected properly (usually it is a trailing slash on the URL... %2F)
Agreed. It always seemed to me as analogous to the situation whereby one enters some identifying information in a phone prompt, only to have to spell it out again for a CSR. Both are just plain bad design.
At the last big subscription company I was at, it wasn't a product owner seniority thing, it was a organizational problem.
Signup is a big thing with lots of stakeholders and interest. User acquisition is an easy metric to track for business health. Everyone wants to push not-logged-in users to sign up.
Ownership of logging in was much less clear. It's not a full time job for a person or team in the same way customer acquisition is. So you put some buttons/links on the page, but then there's no single owner of them to get pissed off when other teams start moving their shit around.
(The other aspect here is that the website was a declining platform compared to the apps, where a not-logged-in user is much more captive and there's a more obvious single "login or signup" landing page point. On the web most media sites, at least, try to provide SOME sort of preview/partially functional experience version of the logged-in view, which wasn't designed with a prominent "SIGN IN" button in mind.)
This is what is screams to me. When I have a hard time finding the sign-in link it says "We don't care about our existing users, we only care about getting new ones." It is a big red flag for me these days.
Even if password managers handle the two-page scenario you still have the delay of loading the second page. On high-latency connections this is a major problem.
from the meeting where it was explained to me that we couldn't use "login", it is too technical-sounding and not friendly enough. "log in" is computer language, "sign in" is human language.
What is the origin of sign in? I imagine the old days when you needed to sign a book when entering premises? Is this the floppy disk for save action of web jargon?
As I said, English is not my native tongue. Choose whatever synonyms are appropriate. Even google translate gets confused. If I enter "sing in" it translates it to Spanish as "registrarse" which is actually "sign up"! How about using enroll, or register instead of "sign up"?
When you receive an invitation to a server, you're presented with a textbox that reads "What should everyone call you?" and you're unknowingly creating a new account. Then you're asked your birth date and then for your email. You type your email and it's already used, obviously.
By this point you don't want to go through the whole process of deleting your browser history to log into your existing account, so you go along with the new account thing and use another email address.
Before you know it, you have 5 different accounts and don't remember which ones you use for which servers.
Yes, there is a "use existing account" link, but it's not prominent, the "What should everyone call you?" textbox with the big "Continue" button are the only psychologically viable option unless you've already gone through the whole process of involuntarily creating many accounts.
And when you access the site directly, you are always shown the front page which is basically a full-screen ad and serves no other purpose than user conversion. Furthermore, the sign-up link literally says "Open Discord in your browser" which can be read as "go to the app".
Ideally there was one single email address field and a combined sign up / sign in button that either took you to the password or new account creation dialog. If you're concerned about privacy implications, do realize that user signup forms leak the very same information.
I think discord is great but I do agree with you. The whole "join a new server" UX is in this weird place where you might not use it that often (even if you are a heavy discord user), discord having an unusual concept of servers, combined with the flip-flop dance between browser and native app.
The end result feels slightly off. Like I can't say what should be happening, but what is actually happening feels not quite right.
I had to create a Slack account to interact with a vendor support team. Run into that mess and can't for the love of god find a "manage all your accounts" interface on Slack. It's insanely counter-intuitive.
I'll avoid Slack as much as possible unless they fix this evil UX.
it took me until right now to realize that this happened to me, and that I've been using the wrong account for the last six months and I actually have two accounts... so really, at this point my "wrong" account is my real one.
The reason it happened is b/c I use email aliases for stuff I sign up for, and sometimes I forget them...
I'm about ready to unsubscribe from the LA Times for this BS. They seemingly invalidate my login every day, then when I get linked to an article, a huge pop-up obscures the article while reading it, and despite paying them for this damn service I can never even find a way to login.
And if you do this to people just because their cookie went stale, then is this really a customer that you want to remind that they don't use your service enough? A customer that is happy paying the bill every month but doesn't use a ton of resources?
It reeks of really bad optimization of metrics: do everything possible to increase conversions, at any cost to the rest of the business. That sort of desperation is not good for retention.
I don’t get it either, this is why I stopped reading the LA Times (I should probably cancel my subscription). On the other hand, I can’t remember the last time I logged into NYTimes, it just works (that’s why I read it daily).
I'm not sure who owns the LA Times but it seemed like for a year you had to randomly login to any of the Advanced Media owned newspaper websites. Seems like a simple issue to fix. Maybe it wasn't.
Twitter or other chat apps or web-based link aggregators, but not Facebook. When in an app on mobile, I usually launch the native web browser from the Twitter browser. I almost wonder if some of the link parameters log me out some times...
>I'm about ready to unsubscribe from the LA Times for this BS.
At this point, I just naturally assume that newspaper websites are unusable. They certainly give ad-blockers a workout. Once you get through all the cruft candy I especially like the paywalls with the several second delays.
The login link is consistently in the bottom left of the popup for me, though I also wish it lasted longer.
Some of this I suspect may be related to browser privacy settings these days, as the "Remember me" checkbox to avoid hitting 2FA for my bank accounts basically no longer works for me either these days? Some 3rd party cookie collateral damage?
Password manager makes it pretty painless anyway, though.
This is so common nowadays that for many sites I have the direct login page bookmarked. It indirectly implies that once you sign-up, the company stops caring about you. At-least for me.
There are some websites that are both super aggressive about timing out your session and also make you play hide and seek for the login button. Of the sites I use frequently UPS used to be about the worst offender but the most recent version of their site does have a usable login link.
Vanguard is another one that drives me up the wall. Going to Vanguard.com doesn't have a sign in area to autofill with a password manager; you have to go to the personal investors page. And sessions are hard limited to 15 minutes so you have to jump through these hoops every time. I have the correct page bookmarked but even on that page the log in boxes don't appear until half way down.
Even the solution in the article seems to suggest using cookies.
I don’t understand the problem, if people want to try or sign-up for your service they’ll locate the signup button. That’s a one time problem. A hidden login button just annoys existing customers.
My feeling is that this is down to testing without privacy in mind. Your site might be fine, but others aren’t so a minority of users will clear cookies at the end of each browser session. That’s not a senario most will test for or experience.
It implies that because it’s literally true. Not a complete loss of care, but it makes sense to hide the sign in button because users who are already signed up are already invested, and less likely to abandon the service. The front pages main job is to grow the company by attracting new users, and a sign in button for users who aren’t going anywhere anyways gets in the way of that.
Inconveniencing either current or prospective customers never ‘makes sense’. It’s not like you have a fixed amount of inconvenience you have to distribute.
You have a fixed amount of screen real estate on the landing page. Distributing it to your most important users for that page (prospective users) does make sense to me.
Is the solution presented in the blog to utilize a cookie to determine if someone is a prospective user versus already a user not an acceptable compromise?
It seems rather straightforward to me, from their example, to de-emphasize the "Sign Up" button and prioritize the "Sign In" button for someone who already has an account.
While that may be the case (I'd also argue that the front page should be a welcoming place for existing users), showing me that you value your existing users is a great marketing move.
It's otherwise very hard to convey that you care about existing customers so this seems like a no-brainer.
The trend of the not having a log in button and only a sign up button, requiring multiple clicks just to login. I get that less friction for a new user is better being the thinking but I truly hate having to go through multiple pages just to sign in.
What happened to having sign in/sign up being on the same page? Seems the simple and easy, as well as lowest friction way of splitting the difference between new and existing users.
Ahhh. I miss the days of the username and password being on the same page! I refuse to believe that the average internet user gets confused by a two field form that they need to break it into two (usually slow) steps. Re-architected in (usually flaky) javascript. That takes up (always more) of my time!
(sorry for the !!!'s. but this one really gets my goat)
This one is a significant failure of our entire industry. We've somehow accepted that degrading user experience because of an implementation detail is good instead of working together to hide that implementation detail by implementing the necessary browser functionality.
We already have technologies such as Kerberos that are supported in every browser and seem like they would solve this problem.
In any case, as a website operator you can mitigate this. Have separate pages for SSO/non-SSO, dynamically hide the password field if the username is associated with an SSO provider, or just ignore the password field and have a subtitle along the lines of "leave password empty for SSO accounts".
It's not obvious to me that it's an improvement to have an extra textbox that goes away moments after you type in your email address (possibly after you've tabbed into it to start typing) or an extra textbox that just stays there unused.
Can’t you detect it client side? Send the contents of the username field to the backend, if it’s SSO change the password field to “login with ssoprovider.com”
It's even worse user experience since things change as you type (you have to wait for network round trip so it's not instant), plus password managers are still confused.
A handful of websites I visit periodically have username and password fields readily available....but they are registration forms not login forms, and if you put in your existing credentials, it’ll just tell you that you already have an account and should log in instead. You couldn’t just, you know, log me in with the information I just provided instead of telling me to provide it again on a different page? Drives me up the wall!
I'm familiar with a few sites which used to be this way with the login form directly on the homepage, and removed those fields during the internet's transition period from HTTP to HTTPS for all pages. Browsers started flagging pages which included password fields as insecure, even if the form containing them submitted via HTTPS (which was arguably a fair assessment). The solution for many sites at the time was simply to move all login to a distinct page which was served over HTTPS, and leave all other pages as HTTP. Back in that day the opinion of many site operators was that HTTPS was going to tank advertising revenue, so they avoided it whenever possible until the browser vendors forced their hands.
In many cases the homepage login forms took years to come back, after we got to a point where virtually every site was all-HTTPS on all pages. In some cases they never did.
More clicks to log in than sign up is annoying, but what really bothers me is when they don't make it clear that the page brings you to both. Like if the button only says "Sign up" I'm going to look around for a bit for a "Log in" button first. If they're going to combine them, the least they could do is make it say "Sign up/Log in"
I'm sure UX research shows that the login button is seldom used on a particular site, therefore not that important.
Why seldom used? Because you stay logged in for a long time.
Is UX bull on this issue? Maybe, but if you are logged in for a long time, and then you come to log in when you've been logged out, it might be that you accept the lousy experience on this issue because you actually want to use the site... all that said I wouldn't care if the UX research suggested it was a good move. I wouldn't do it (on anything I owned, I would just argue against it if asked to implement it)
UX research also shows that one of the most important things is consistency. Internal consistency as well as consistency with other websites the user is familiar with.
99% of sites don't have so many features and sections that they'd need to omit some of them from the landing page. But for some reason they think replacing UI elements with screen-filling fancy animations and a lot of empty space inbetween is somehow a good thing. I never saw any upside in this.
I have a short attention span and am easily distracted, and modern UI trends are catastrophic from my perspective. I don't care about a fancy "hero area", just give me a menu bar that stays in the same place and gets me anywhere I need.
I love this pattern - I think it was Slashdot I first saw it on - but it still suffers from the same problem. What do you label the button - "sign up / login"? It's still easy to miss that it's also for login when scanning.
I personally definitely agree with "Don't make customers hunt for the Sign In button on your website", since I find that so annoying. I've come to expect this annoying behavior especially from Y Combinator companies, ever since I read Paul Graham opining that companies should actually emphasize the trial/test-drive button, and deemphasize the sign-in button. He said that's what Viaweb did, and they thought it made better business sense. I just now tried a bit finding the essay where he states this, but I gave up. Maybe someone here will offer it.
Would it not be better if they found a different way to differentiate between the "Sign In" and "Try it FREE" buttons altogether? By using that cookie approach they've just introduced some inconsistency that may not be clear to users - e.g. you're on a different device (or an in-private window, or you cleared your cookies, or on a browser you don't normally use, etc) and you click the highlighted button and it takes you to a sign-up form instead of a login prompt.
While they say "Don't make customers hunt for the Sign In button...", they've implemented "Sometimes make customers hunt for the Sign In button..." which is arguably worse. It's good that someone else has identified this as a problem (it's annoyed me for a while) I just don't think this solution knocks it out of the park.
This is becoming more and more common with major sites, and it’s really bloody annoying. Some are putting “Sign In” behind some tiny dropdown in the nav, not just grayed out or small but invisible unless you hunt for it.
They know exactly why they’re doing though, and I think OP is preaching to the converted. Those doing this don’t need a tutorial explaining how not to do it, they need to lose money (users) until they stop doing these dark patterns.
They probably have metrics suggesting that having both sign up and sign in buttons on the page leads to lower sign up rates than having only a sign up button, or something along those lines.
Rather than find a more in depth/better designed solution, it's easier just to remove the "sign in" button and any "confusion" that might cause for users who would otherwise complete the sign up workflow. If their A/B testing indicates that removing the button improves sign up rates, that's exactly what they'll do.
It's super-annoying and short-sighted - not to mention lazy - but this kind of micro/over-optimisation of behaviour on the web has been de rigeur for at least a decade now.
A better approach would be to try to understand why "confusion" around sign up/sign in is happening - i.e., what's the real reason having both buttons/links on a page decreases sign up rate? Root cause the issue and you can fix the real problem in a way that probably doesn't annoy your customers. That's effort though and most customers probably don't care enough to complain about the annoyance of hunting around for a sign in button or link.
I’m not sure why a site would recommend making an extra click easier when it’s not necessary at all. If someone has ever logged into your site, they should get a login page so they don’t have to do some extra tap. This is triply true if your site is frustratingly slow to load.
Also:
Support password managers. Your damned custom login page BS might be cute in design but sucks for usability. If your site doesn’t work reasonably well with a password manager I won’t come back. US Bank lost my business this way recently.
Related: Have sane password requirements and limits. If my password manager gives you a 32 character password, don’t bitch because it doesn’t contain a number or uppercase character. It’s 32 characters long and unguessable, that should be enough. Also... if you fail because there is an underscore or ampersand, you’ve failed.
English is my native language and I still call it "login" and "register", the words which were originally used and which I do not see any reason to change.
Heh, there was a time when Microsoft’s Polish translators (who I’m mildly convinced are robots in disguise) decided “Sign in” should be translated as „Zarejestruj”. Which is what everyone else called the “new account” button. They managed to fix it since then to a much more reasonable and much less confusing „Zaloguj się”.
Translators for the Dutch version of Windows 10 are definitely robots. For example, in the save webpage dialog of Edge, they translated “Webpage, complete” to “Webpagina, voltooid”. Voltooid means completed, as in a completed task. The correct translation would have been “Webpagina (volledig)”.
Similar errors are often found throughout programs new with Windows 10 and sentence structures are directly copied from English. I have never found a single error in Windows XP/7.
I think Windows translators are real humans, because quality is much better than whatever Bing Translator spits out (seriously, who thought it was good idea to automatically redirect to Bing-translated MSDN pages), but translated completely without any context. For example, task manager now have RAM "Form factor" translated as "Współczynnik postaci"...
GitHub is awful for this. If you're not signed in, the whole page is taken up with a giant signup UI, then in the top right there is another signup button. Next to the signup button, there is a sign-in button, but it has no border and is so deemphasized that if you don't know it's there it blends into the other useless links in the top bar.
I swear, designers and developers are un-learning how to build sites. Things that used to Just Work on the web (sign in, scrolling, load speed, etc.) now merit an article.
Every new generation has to either learn from the past or reinvent from scratch. The web has always had lots of cargo-cult copying of processes, because the most influential sites always get copied in order to try to be more familiar.
And with the overwhelming complexity of current front end web tech, it seems there's not much time left to put into thoughtful user experience.
It’s less about un-learning and more about the entire market changing, compromised by seemingly-endless VC money that rewards growth and “engagement” more than actual profits derived from value delivered to users.
Nowadays a large chunk of online services’ objective is more to “engage” you and sign you up to some bullshit newsletter or sales call rather than actually provide you a service that you’d be happy to pay for. Marketing has become the primary objective, with “deliver value to the user” a neglected side-effect.
See, I believe this is not a good enough argument.
This would be the same as excusing falling bridges and crashing planes on whoever's money speaking louder.
If the people who actually _build_ anything – the actual developers, engineers, etc. – don't build things up to standard or can't manage executive expectations, there's no hope; we'll live in a capitalocracy ruled by MBAs.
People building things need to care about the crap they ship because they'll have to use it too. There's way too many people in the industry not caring, just happy to collect a paycheck.
This is what happens when everything is metrics based. Your paying customers pay the price. This happened with Loggly when solar winds bought them. We no longer use Loggly.
I think changing the button styles based on cookies is not a good thing either, it just adds a new kind of confusion. Just keep the style consistent, give the login and sign up buttons a clear distinct style and keep it that way.
Plex’s responsive design hides it at the bottom of their hamburger menu in super low contrast gray-on-darker-gray text when your window is less than maybe 900px. It’s literally like they’re trying to hide it.
I keep my windows in a grid and I end up just making my window wider because it’s easier than using their god forsaken hamburger menu.
This is one of several reasons why I would never consider paying for Plex Pass again. The other reasons include spending a LOT of resources on rolling out features I imagine few users are likely to be interested in, such as DVR.
I wouldn’t go that far. I subscribe to Plex Pass happily mostly to support financially a service I adore and use daily. Features I don’t use don’t hurt me and they give you the option to disable things you don’t use.
The login button is just hard to find on the homepage.
I was wondering if I was going blind for a while, staring seconds at websites trying to find where to login. Now I do what 'the computer illiterate' have apparently done for years; never go to the sites themselves, just put 'DigitalOcean login' etc in the addressbar (duckduckgo(or google)) and there you are.
And if you don't have an adblocker installed, the first 5 results will be adds which will get you to the home page, not the login page. At least in this case you make them pay for it.
This kind of thing really bothers me - it's like a symbol for how little they care about existing users.
I feel like there should be some specific name for this kind of thing - design patterns that target new users and suck for existing users. Honeymoon feature?
'First hit is always free' feature? Maybe just 'First hit'? I'm bad at naming.
---
"As they approached the city they could see enormous walls surrounding it. Jonathan noticed a guard standing near the entrance to the city. The guard was shouting, “Sign Up! Sign Up! Sign Up!” and then more quietly, “or Log In.”"
That seems to be the way modern business works. Entice new customers with great offers and then neglect existing customers while milking them for money. Cable is like that. Cell phone plans are like that. With my car insurance it was the same. They raised rates every year so after 15 years I switched companies and now I am paying half the premiums. Even companies are like that with employees. New people are getting big raises for joining and people already there are getting 1% raises per year.
It seems loyalty is for suckers these days. It used to be that long time customers and employees got rewarded. Now they are being punished and exploited.
Another annoyance is when you can’t access their landing page until logging out (like visiting example.com redirects or just hyperscripts you into the dashboard if a session cookie exists). You log out, look for the info and then search for a login div again, where you have to spend another minute differentiating between the “bring on”, “chime in”, “lay along”, “sing in”, “growl at”, “give up” and other low-contrast cretinisms in place where explicit login and register links should be.
You know, that's an odd thing. Pre-hoi polloi internet, there was an awful lot of push for interface standards on PC/workstation/Mac software. After the gold rush occurs, practically everyone's webpage displays the kinks of the developers or some toolkit. From a user's standpoint, there's not much value-added here.
I'm surprised so many folks are saying DigitalOcean is bad at this in the comments.
Their home page on a desktop has 2 equally sized sign in and sign up buttons in the top right. The sign up button is filled and the sign in button is outlined. In mobile view it's pretty bad, they still show both buttons side by side but they're buried under a hundred miles of product links.
Besides the buttons being pushed so far down on mobile, is that design really hard to find the sign in link -- specifically on desktop?
Interestingly enough Stripe has only a sign in button in their nav bar https://stripe.com/ for non-logged in potential customers. I just checked with an incognito window. I guess they determined users who sign up mostly come from the main area of their home page or through another page reached from their nav menu (products, use cases, etc.), not so much from a sign up button near the sign in button.
If you shrink the website to half your screen width, the "Sign In" button goes away, and there is only "Sign Up".
You can get to "Sign In" by clicking the burger menu and scroll sufficiently far down, or by searching. You can't find it by simply searching on the front page, or by just clicking the burger menu. I guess that's what people mean by "having to go hunting for the sign in button".
> If you shrink the website to half your screen width, the "Sign In" button goes away, and there is only "Sign Up".
Interesting, I don't see that here. I wonder if they're A / B testing layouts and my IP is locked into a specific choice.
If I open the page in Chrome or Firefox I see both buttons side by side and then if I slowly make the window smaller (starting at 2560 width btw), it eventually gets to the point where both buttons disappear inside of the hamburger menu when the buttons get too close to the left nav. The sign up button is never visible on its own.
This pisses the hell out of me becuase, due to my privacy settings, I end up on their homepage a lot. Evidence just for records: https://imgur.com/a/HfF9vUJ
Don't make customer hunt for anything on your website.
Prioritize features (ideally based on studying user behavior), and make those features present and accessible. Hide the rest, if necessary, behind some menu system or toggle.
The minimalism trend (perhaps a reaction to the early amazingly busy Amazon UI?) has gone too far. One great (bad) example of this is Parabol.co. We use it at my company, and it provides just the right set of features we need. But for providing a relatively small feature set, it seems to go out of its way to make it difficult to know how to use those features. I only mention them because they are a good example of this, but there are countless other services that have user hostile (or frustrating) interfaces.
A tiny button is far from the worst: try logging into your paid account on the mobile website of a service that not only has a free tier but also an app! (I'm looking at you, Strava)
I just decided to stop pursuing a home loan with a company because of a few anti patterns like this. The first was there was actually no “log in” button whatsoever. You have to click “create an account”, and _then_ there’s a log in link.
The second, more fatal anti pattern is not allowing paste in the password field. There’s simply no way I’m going to memorize random 30-digit password for your website. (I had to use dev tools to actually paste the password). Even though the APR was good we moved on.
My pet peve are paid services only showing the limited-promotion-price, a discount is nice of course but I want to know how much that will cost me in the long run.
I don't understand; the article says don't hide it, then the article shows a sign in link that uses a dark-pattern non-button sign in link next to a button. Visually I would have missed the sign in link until I took a second or even third look. The UI that changes based on some practically random variable (the cookie being present) is disorienting.
This drives me nuts. It feels the same as the insurance company's phone menu asking if you're interested in purchasing a policy or submitting a claim, where the former choice get you an instant human being and the latter a 45 minute wait. In other words, it signals that you're more interested in signing up new customers than serving your current customers.
> insurance company's phone menu asking if you're interested in purchasing a policy or submitting a claim, where the former choice get you an instant human being and the latter a 45 minute wait
Insurance (in my experience at least) seems like this astonishing scam where they collect premiums for years and then as soon as you try to collect on a claim they refuse to pay and cancel your policy.
Fitbit does something related - the url for your tracking dashboard is just fitbit.com, but when you go to fitbit.com, it's just the frontpage of the website; until you log in, and then navigate to your dashboard again.
This makes it very clear that 1: fitbit wants me to use the app, and 2: fitbit wants to sell me stuff more than they want to help me.
also please call it "log in" and "sign up" not "sign in", don't make users work to use your products, buttons starting with the same word are slower to parse.
https://headspace.com/ is such a good example of this, login button is in probably the worst possible place on the page. And to make it even worse your login sessions are invalidated almost every day so you _have_ to login every time you use the website.
A bit out of topic: the OP mentions using Tailwind.
I've peeked into the dev tools to see how Tailwind is used there. And since I'm advocating against using Tailwind, this page seems to be a perfect example what problems it brings to the table. Plenty of elements had to use custom classes to randomly overwrite some Tailwind classes here and there (like .display-3 and .main-headline) or completely avoiding Tailwind, like for the #recovered-revenue-main.
It just shows that Tailwind did not solve issues it was claiming to solve, at least in this project. And I guess it must be a pain to maintain this project since PR reviewer and other coworkers now have to know Tailwind by heart to figure out quickly what really got overwritten and why.
Totally agree with the diagnosis of the problem but not the solution. I don't think switching the color is good UX—if I know the top of the page has a big green button', I'm not going to expect that button to have conditional behavior.
SaaS websites, don't make visitors hunt for what the hell the service does.
It's somehow hard for many SaaS websites to clearly explain what their service does. I often have to dig into multiple pages to figure out what the service does.
For my game site, I didn't want people to have to deal with passwords. I first tried to use google/facebook signon, but I found the code to be annoying to maintain (google and fb would change their APIs on a whim and really obscure the location of their settings for reasons unknown) and even my friends would rather not use those services. At some point I decided instead to just automatically sign people in and give them auto-generated usernames.
I find it hilarious that this article is on a SaaS site's blog and has no sign-in button. Maybe I missed the "why this doesn't apply to this site" portion of TFA, though.
For https://sqwok.im, I explicitly placed the login/signup prominently at top right for all users on mobile and desktop because I want it to be clearly visible always. I could see some value in detecting whether the user has already created an account and highlighting the "login" portion like the author has.
There’s a business service site I have to log into once a month who’ve hidden the login behind a drop down and it’s really annoying!
Your site is really slow. I honestly thought it was broken when I first went, no login link to be seen at all.
This is why you should avoid making a SPA unless you know what you're doing, if you're going to use one at least put a spinner or something so it's clear the site's doing something.
> This is why you should avoid making a SPA unless you know what you're doing
The site doesn't have much traffic right now and is running entirely on serverless lambda, it's likely you arrived while it was idle and had to wait for it to wake up...
> at least put a spinner or something so it's clear the site's doing something
def should improve the loading state for when it hasn't woken up yet.
No login link, just a series of grey lines, even after I enable javascript. Ah, I see you require that I accept cookies just to to view your front-page ...
I hate this so much. They've all copied each other to the extent that having a hidden sign in button is requirement for a "modern" site.
Back in the day it was the other way around. Sign in was primary and sign up was secondary (often accompanied by something like "don't have an account? Sign up"). You just know some busybody UX person saw that and argued this was bad for new members. Well now you've just screwed it up in the opposite direction. Well done.
This is about the most agreeable HN post I've seen in months. WHY? Why do they do this? Why does every single "new" and "cutting-edge" idea has a website that takes me more then 30 seconds (absolute worst case) to find the very thing I need to login?
Why do companies like Twilio make me put my email in first and hit the arrow before i can even type in my password? (it confuses me and the password manager) and adds at least 5 seconds to the login process.
> Why do companies like Twilio make me put my email in first and hit the arrow before i can even type in my password?
Because of lazy UX implementations of SSO.
You'll see logins like Google, where this is common. If you submit an email that has an SSO authentication associated with it, they can redirect you to the right auth form.
However, for everyone that's not an SSO login this is a worse experience.
I've noticed this for years, and always wondered "Why?" myself. Then I came across a UX blog where the author suggested doing exactly this. Their reasoning being that new users aren't familiar with your website, so they need a big garish button to help them sign up easily, whereas regular users are familiar with your website already so they will know where the Login link resides.
I don't agree with it personally, I think it reflects an organization where marketing is prioritised over customer happiness.
I remember the same, but funnily enough, it seems to be fixed now, with both "Sign in" and "Sign up" buttons available on the top right. I don't remember how it was before, but I always started to create a new account instead of logging in.
What's the problem? They have both "Sign in" and "Sign up" next to each other. Same color, opacity and the only difference being that there's a border around "Sign up".
This looks like very bad idea to make a page looking different for users based on their cookies. When user comes to this page from different laptop, he will get confused since the highlighted button won't be the "Sign in" anymore as he got used to.
I guess Sign In and Sign Up should be distinctively different all the time.
I also noticed this trend, but I don't understand the reasons, the site also doesn't explain it. Wouldn't it be beneficial to capture (and potentially track) existing users earlier? What's good in annoying them? Why are dominant sign in/register buttons mutually exclusive? What became of the trend of the reverse - large sign-in with a later option to register?
My cynical guess is that when companies A/B test this, they find that a clear sign-in button reduces the number of new sign ups (because if the sign-in button is hard to find, some existing users will create a new account). A/B testing is great but it's very easy to optimize for something that's easy to measure rather than what you fundamentally care about.
And this can be easily solvable by swapping the Sign up for Sign In after the first time you logged in a browser cookiejar. Obviously the devil is in the details, but it shouldn't be that complex having a visible Sign Up for potential new users and a visible Sign In for existing users...
Please don't! The worst thing is to swap meaning of a button at exactly same placement. If you are forced to do it then at least change background color and add some icon etc.
But nothing can beat MS Teams "Close" document preview button, which once clicked, uncovers chat "Call" button. Add some laggy nature of Teams and you call the entire channel/chat just by trying to close an opened document with too many clicks.
But that would not change "immediately". Basically if you never logged in (in that browser) you see the "Sign up" more prominently and once you registered, you are already logged in (so you don't see anything at all) but if you do log out, then you would see the "Log In" clearly (and the "Sign up" will be somewhere also but not in the best spot).
This could make it even more annoying imo. Sometimes the sign up button is the first thing you see, and then other times its the sign in button. You'd end up clicking on one or the other out of habit and realizing it was the wrong thing afterwards.
If I'm signing in, there's a good chance there is no cookie saying I have ever signed in.
Semi related, ClickUp does have a signup button right in front of you but they always log me out between sessions. It's a great app, but it's irritating when you have to login each day, especially since it is meant to be used everyday.
For a while it was the case that Mailchimp.com did not have a login button on their homepage at all. To log in I would have to use the link sent to me by the colleague who managed our account.
Frustration is one of or the primary drivers in the purchase and use of computers.
"Getting them to do anything at all,makes us overlook there fundimental uselessness"
Douglas Adams
Isn't this the direct result of startup incentive structures? Don't startups measure success more in "number of conversions" than "number of return visits"?
As an AWS consultant, I work with a lot of client companies and I’m often watching a screen share while they are navigating through the console. I haven’t seen one yet that actually logs in to AWS directly and not use some type of SSO solution.
- Having confusing language and poor differentiation between the sign in and sign up form. Symptom, users start filling in the wrong form only to realize their mistake.
- Separating the password from the email field with an extra mouse click sucks if you are using a password manager. Doubly so on mobile where using password managers involve a bit of fiddly interactions. Having to do this twice sucks. If you do this, at least have one of the fields in the dom tree but hidden so that it gets filled with one click via your password manager.
- Not making the login form password manager friendly my not sticking to conventions for field names for this.