As I noted in my last post, adverts put people off. As does paying for a service. Jeff Atwood points out that registering for a service also puts people off.

If your application requires users to log in, don’t underestimate the impact of the login barrier you’re presenting to users. Consider utilizing anonymous, cookie-based accounts to give users a complete experience that more closely resembles the experience that named users get. By removing the login barrier and blurring the line between anonymous users and named users, you’re likely to gain a lot more of the latter.

Just asking users to login or register scares them away. And he’s right. When I’m looking at new sites online, I don’t want to sign up to find out if I want to sign up. I want to poke around before I create yet another registration, yet another version of my information. Jeff’s post was very timely, I need to take this into account when building Multiblog.

The barrier to entry needs to be so low anyone can get over it. Or no-one will.

However, given it’s nature this is going to be difficult with Multiblog. I guess it’s possible to create accounts tied to an anonymous cookie and allow them to create blog accounts on that account. But it’s hardly secure. What I need to do is allow anonymous users to wander round everything, toy with configuring accounts, even draft and hit post on entries. Then I’m afraid I’m going to have to stop them and make them sign up. But, this has to be painless.

How do I do this? There are numerous options I could take. One idea is to prompt for an OpenID, the idea behind OpenID is that it’s an Open system for authentication, everyone should support OpenID and then you can allow people to post behind an identity on any site without signing up.

I think that’s great for many applications, such as posting comments on blogs (like this one), but it doesn’t work for services like Multiblog. Even the OpenID site says so:

This is not a trust system. Trust requires identity first.

There has even been spam originating from OpenID sources. So we need something else.

I’m going to have to go with an infrequently used option. I’m going to prompt for an email address. That’s it. This isn’t a site with profiles, so there is no need for usernames or anything else. When you first start using Multiblog I just need a globally unique way of referencing people. And that’s their email address. Couple that with a random password and then you have a full sign-up and authentication system. On entry of the email I’ll send an activation password. On logging in with that password, I’ll set everything up and have the user back at the “are you sure you want to post this entry?” stage. Job done.

As frictionless as it is, it’s a threat. This is predicated on at least one free post to all users. Which is an exploitable hole. People could buy a domain and have an infinite number of email addresses. So, I’ll have to make blog accounts (the accounts Multiblog posts to) be unique, monitor sign-ups (not expecting high volume) and take appropriate other anti-spam/abuse techniques.

But basically, I think it’s a good approach. It will allow users to sign up in seconds and to explore 95% of the application without an account. I hope Jeff likes it more than an vanilla textarea control.

Popularity: 72% [?]

This is version 1 of this entry and was posted 1 year, 5 months ago on Saturday, June 9th, 2007 at 6:02 pm and is filed under MultiBlog, Opinion. It's popularity ranking is Popularity: 72% [?]. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site. This is the first version of this post.