Chris Grove, CTO
This past weekend, I spoke at SocialDevCamp Chicago with developers about how to integrate social sign-in features into their webistes and apps. Here are some of the key points from the talk.
What is "social sign-in?"
Social sign-in features enable your website visitors to register for your website or application using an existing login of their choice, such as their Facebook, Google, or Twitter profile. As a web developer, you can leverage a third party as an identity provider and at the same time you can reduce "login fatigue" for your users.
Some benefits of using social sign-in on your website include:
- Increased conversion rate
- Better contextual data as you gain access to the user's profile information
- Less effort to implement (do you really want to write Yet Another Authentication Service?)
- Increased security by leveraging the third-party provider's security features
As a website owner, you face the challenge of designing a compelling enough experience to make users want to register and dig deeper. Just 25% of users are generally willing to complete a registration, and 76% give incorrect or incomplete information when signing up for a new service. People are more willing to return to (and purchase from) sites that automatically recognize users.
Why Not Social Sign-In?
However, there are some cases in which you would not want to implement social sign-in. You need to be comfortable handing off critical site functionality to a third party (if you are in a regulated industry, this may be prohibited due to security requirements).
When implementing social sign-in, there's a tradeoff: use a convenient service such as JanRain and you are charged once usage exceeds a certain threshhold, whereas if you implement yourself, your effor to implement (also a cost) increases.
Further, know that at any point, Identity Providers (IDPs) like Facebook and Google can change their API, breaking your site functionality and forcing you to immediately stop and adapt your code for the changes. When you use social sign-in, you trade convenience for control and dependency on a third party's system.
To get the most out of social sign-in, you'll want to use the social network's branding, which lets your users know that the process of creating a new account will be quick, painless, and trusted. Also, make sure to offer multiple identity providers (e.g. Google, Facebook, OpenID, Twitter) so the user can choose which service they prefer. You can streamline your user's registration by pulling profile data from the third party service, and always give a clear indication of when registration is a success.
Providers and APIs
- Identity Providers include: Facebook, Twitter, Google, LinkedIn, Microsoft, Yahoo, OpenID, MySpace, Flickr, etc.
- Stand-alone APIs include: HybridAuth (PHP), OmniAuth (Ruby), SocialAuth (Java, .NET)
- Service APIs include: JanRain, Gigya, Windsoc
Leave a Comment