- On 11 September 2020
There’s much to think about when designing a secure user login that ticks all the right UX boxes. Here are four elements worth considering.
While data security is high up on your list of priorities as a developer, convenience tops the list for your app users. Long sign up forms, a lack of login and verification methods and confusing navigation are all pet peeves that need to be addressed when creating a login system.
Combining security with excellent user experience is an absolute must if you want to attract and retain users for the long-term. Think about these four points in particular:
1. Differentiate sign up and sign in terms
While ‘sign-in’ and ‘sign up’ has a nice ring to it, these terms are confusingly similar for users looking to login into their account, especially if they’re in a hurry. There’s nothing more annoying when you already have an account than hitting the wrong button and filling in the sign up form again.
A better approach is to use precise language as ‘login’ and ‘sign-up’. This offers clarity for users and ensures a smoother and faster login experience.
2. Use OTP for better security
Hard to crack passwords are virtually impossible to remember. For that reason, users typically won’t create them, instead opting for a more memorable password. User-created passwords are often weak and used across multiple accounts. This, of course, is a security concern.
If users pay for your app either as a one-off fee or via recurring subscription, consider using one-time password (OTP) authentication to ensure account safety. OTP consists of an automatically generated string of numeric or alphanumeric characters that can be used one time only for app login. This type of authentication technology is much more secure than a static password that’s used time after time.
The only issue with OTP is the inconvenience it causes users; it requires them to wait for and input a new password every time they want to log in. However, an app like VerifyKit does away with OTP altogether. The user can simply open your app and verify through WhatsApp or Telegram without inputting any details – just a couple of clicks is all that’s needed.
3. Offer a choice of verification options
Many mobile apps use SMS or voice call verification, but quite often, the user isn’t given a choice – something that’s key to creating a positive experience.
Rather than forcing your user down one verification route, consider using alternative options such as WhatsApp (used by two billion users worldwide every month) and Telegram. Both these options will considerably reduce your verification costs too.
VerifyKit offers WhatsApp and Telegram verification in addition to SMS verification. It enables you to verify users in just 6 seconds on average and has an 85% verification rate.
4. Allow users to stay logged in
Many users appreciate having the option to stay signed in, cutting out the login step entirely after they’ve signed in once. It’s a big time saver and cuts down on the amount of ‘forgot password’ requests from users.
Keeping users logged in does present security issues. Before implementing this, consider the sensitivity of user data and set a time limit for the session cookie to expire so that log out happens automatically. Also, prompt users to change their password regularly.
Designing a user-friendly and secure login system
Keeping users logged in, clearly separating login and sign up screens and providing optional social logins can all help to create an improved user experience.
Offering a choice of verification options also helps, particularly through WhatsApp, the most popular global messaging app around at this time. VerifyKit can help you with this – and cut your verification costs by up to 80% too. Learn more here.
Phone number verification can boost security for your app and should be considered if you’re capturing sensitive data such as payment details, although this can be a tedious extra step for users.
There is more to consider when designing your login screens, such as whether to show and hide passwords and provide security warnings after so many unsuccessful login attempts. But these four elements above are a good starting point. Getting them right will give your app every chance of success.