August 10, 2018

Do you provide email/password login, or social login (Google, Facebook, Github), or both

We tend to provide an API service, to sell some financial data.

When we check around other companies who provides API service, their login pages (Login process enable customers to check their API key usage, making payment, ...) are using email/password login.

I was wondering, is there any reason not to use social login (Google, Facebook, Github), to make the registration process easier?

Or, should we provide both options?


  1. 3

    Both!

    You need email login for (1) people without social media and (2) people with privacy concerns.

    And you need social login for lazy people. Since I added social login, I saw quite a improvement in my conversion rate.

  2. 1

    If it's a B2C product, you might get away with just a social media login (though, miserable old bastard that I am, you'd be excluding me - so it depends on your audience).

    For B2B (which sounds like you), then as @dwit says, email/password is a must. I might want to use a team email group address, so I'm not the only person getting subscription renewal reminders, for example. I certainly don't want the account to become a problem to access when I leave, because it's in my name. I'd say there's less of an argument in favour of social media logins here, but again it depends on your audience.

  3. 1

    Personally, I never sign up to any software / service using social media logins for the reason mentioned by @dqmonn . However, not everyone feels that way.

    I would offer both but I would definitely not rely on third parties still being around or still having feature sets which you can exploit.

    I was reading only this morning, for example, that the French courts have told Twitter to remove 256 "abusive clauses" in their terms and conditions. Who knows what the implications of that and other legal challenges might be to the business models of social media companies? I also read this morning that Facebook has seen the number of page views almost halve over the last year.

    So I would say "use these features if your customers like them but never rely wholly on them". Anyone whose business relies on someone else's business model has no business. Always, always, always reduce third party dependencies as much as you possibly can whilst acknowledging how people in the real world behave.

    Incidentally, have you any idea how facebook, Gmail etc., etc. use social login data? Under EU GDPR regulations, you may (or may not!) find yourself accountable for the entire end to end process with respect to privacy and issues of consent. I'm not stating that as fact because, until some poor bugger gets sued for a breach of privacy, no-one actually knows how the Courts will decide.

  4. 1

    one thing i just ran into was the thought of using email/password login over social login for B2B services.

    I as a civilian might have a gmail i can use to login, but the company i work for might want me to use my first.lastname@companyname.com email address. which may or may not have SSO.

    I was using google auth, but switched to allow email password for such cases, since thats who i'll be targeting