All the things I think about when I think about authentication. #uxpatterns

01 — How do we ensure that auth doesn’t stand in the way of usability?
02 — What are the sensitive areas which require stricter auth?
03 — When will we prompt users to authenticate themselves?
04 — What password requirements do we want/need to implement?
05 — What auth method do we want to prioritize for signing in?
06 — Will auth via login/password be a default choice?
07 — Can we ask users to verify email on the review page or success page?

Image by @adambsilver
08 — Can we avoid asking users to verify their password?
09 — Can we use the show/hide pattern for password?
10 — Can we provide a live password requirement checklist?
11 — Can we ask for a passphrase instead of a password? How do we explain it?

Img via https://dribbble.com/shots/4298963-Show-password
12 — Do we provide 2-factor authentication?
13 — Can we replace security questions with 2-FA?
14 — With 2-FA, can we avoid the SMS option (QR, app, email)?
15 — Do we provide a social media sign in?
16 — If yes, what services do we support? What permissions do they get?
17 — Do we provide a magic link sign in? If so, when?
18 — Do we provide a biometric sign in? If so, when?
19 — Do we provide a connected device/Bluetooth sign in? If so, when?
20 — What do we do to prevent customers from using insecure passwords?
21 — Can we set a long cookie expiry date to avoid frequent sign-ins?
22 — Can we authenticate with a phone number and a security text code?
23 — How do we design and build a password recovery experience?
24 — Do we limit the frequency of password recovery attempts?
25 — Do we enable customers to merge multiple accounts (email/Twitter etc.)?
26 — If not, can we suggest to customers what they signed in with last time?
27 — Do we really need CAPTCHA, or can we use honeypot/time traps instead?
If you'd like to see a few more examples of various #uxpatterns, we have a few friendly, inclusive online workshops on interface design patterns and UX coming soooooon: https://smashingconf.com/online-workshops/