This is a post I have been meaning to write for some time. It is an attempt to summarise a lot of frustrations with the way websites handle creating and using personal accounts. I am talking about all sorts of websites, from petition sites to banking to video sharing etc.
I am not complaining here about the fact that many websites require (or strongly encourage) you to create an account. I understand the desire to be able to use a website without registering, and that option should always be available if appropriate, but sometimes I want to create an account and there is no option to do so. For example, I fairly regularly sign petitions at petitions.number10.gov.uk and I have to enter my details each time I do so, and there is no way to view all the petitions I have signed. Being able to create an account could solve both those problems.
I have created accounts on close to one hundred websites and it is a pain managing them all, but some are worse than others. So what follows is a list of my pet hates:
- Websites where there is no obvious place to log in, bbc.co.uk for example. What if I want to log in to change personal details, or just check that my login still works? There is no obvious place to do so and I don’t want to have to spend ages searching the site to find a place where it asks you to log in.
- Websites where there is no obvious way to log out. What if you are logged in and you want to check how the site appears to someone who is not logged in? Yes you can search your cookies and find the appropriate one to delete but that is a pain. Sometimes you can find a hidden logout button but why not make it obvious? Of course it is often because they don’t want you to log out in case you forget to log in again, and they want you logged in all the time so they can gather the maximum amount of data about you. Text saying “If you are not Joe Bloggs click here” is no substitute for a clear logout button – I am Joe Bloggs, I just want to log out.
- Logins that don’t work with my Keychain. I am a Mac user and I find the Keychain functionality very useful – but it only works with about 70% of websites I use. There are two types of not working. In some cases I never get the option to save the username and password in my Keychain. Far more annoying though are the sites where I get the option to save the details and I say yes, but then when I log out and try to log in again the details are not retrieved. This has happened a lot with http://www.bt.com for example. During the login process I seem to get redirected all over the place to complex URLs that don’t match the URL saved in the Keychain. Facebook has been another culprit.
My advice to designers who are working on websites where users can create personal accounts is to always have an obvious way to log in or create an account and, if the user is logged in, an obvious way to log out. Furthermore, make sure that the system works with the Mac OS X Keychain (or whatever the equivalent is on Windows and popular Linux desktops).
One final point. OpenID has been touted as a solution to the authentication problem and companies have been jumping on the bandwagon with press releases announcing that they are enabling OpenID support. In general they are doing nothing of the sort! Microsoft, Google, IBM and Yahoo! for example all say they support OpenID but what they really mean is that you can use your credentials from their service as an OpenID but you can’t use your existing OpenID to log in to their service. If every company followed their example then OpenID would be of no benefit to anybody whatsoever.