1. Require Usernames
Now let’s see… am I “seanmccleary” on this website or was this one that only allows usernames up to 8 characters and I had to sign up as “seanm”? Or was it the one where I had to be “seanm2″ because someone already took “seanm”? Oh if only I had some kind of unique ID I could log in with that’d work on all websites, and this frustration could be but a distant memory!
Actually, there is: You have an email address. Surprisingly few websites let you log in with your email address, even though they force you to give it to them anyway.
2. Not Offer OpenID or OAuth Logins
Take the above one step further: Why should a user have to log in through your website at all when there’s any number of reliable websites out there that can verify his identity for you?
OpenID and OAuth can do just that, and they’re implemented by a number of big industry players, like Google, Yahoo and Facebook.
OpenID’s been criticized for being too difficult for regular users, but check out Common Tastes and Stack Overflow for examples of sites that have put together fantastically easy-to-use OpenID login pages.
3. Draconian Security
You have one more login attempt before your account is locked.
“Oh for the love of… all I want to do is send Grandma an E-card!”
Sites who lock your account after unsuccessful logins and require overly-complicated, non-dictionary, mixed-case passwords can’t spend much time doing customer support. If they did, they’d quickly go out of business because they’d be doing it all the time.
Securing your site against hackers who want to ransom your server or use it as a spam gateway is smart. Implementing more stringent security than Amazon because you’re worried about hackers who want to log in as your users to play your flash games or send e-cards is delusional.
Sure security is more a concern if you’re, say, a bank. But most websites aren’t banks.
4. Require Too Much Private Information
You sell a product. You want people to download the trial version. People coming back to buy the full version is how you make money.
So why do you make it so hard for people to get to the download? Why do you need to know my age, salary range, industry, and address? Can’t all that wait until I buy the full version? (In fact, you better have a good reason for needing it at that point, too.)
How many potential customers do you think you lose because they don’t want to share that information with you just to try your product?
5. Intentionally Obscure Information
On one of my first web development jobs, after a lot of convincing, the customer accepted the fact that they had to show their prices online (yes, this was back in the days when that was even a question). But they didn’t want their competitors to see it.
Their solution? Just make it really hard to find the prices. It being one of my first jobs, I was too inexperienced to know that what the customer asks for is rarely the best way to accomplish what he wants, or my responsibility as the developer to work with him to find the best solution. I made the the prices really hard to find.
The result? Well you probably guessed the result: Users were inconvenienced, and competitors could still find the prices after a while of poking around. (A double bonus for the competition: Many of the users probably went straight to their websites after being frustrated with this one.)
Agree. You can add
1. Automatically logging out after 5 minutes for “security reasons”
2. Ignoring tabbed browsing behavior by making some kind of silly java script pop up window that doesn’t work in tabs
3. Sites that don’t allow “right click” to open in new tab, I think because they think this means people can’t copy pictures…
4. Using flash for navigation (again, no way to open in tabs)
I’m not so sure on the oauth, you’re basically handing all your privacy concerns over to a vendor you may or may not want to be in bed with.
Other than that, I completely, utterly agree. Nice post.