7 Social Login Myths Debunked

Elie
Published in About OAuth
Aug 21, 2014

So much confusion when it comes to Social Login Buttons. Sometimes, connecting an app to a social network is necessary for the product.

At OAuth.io we see a lot of apps leveraging OAuth to offer features. However, OAuth is also often used for authentication.

In this case, you have two sides facing each other: the Social Login providers, who say that it's a must to drive more conversions, and the cool outsiders, who state that "it isn't worth it, that it screws up your UX and that it's intrusive."

The truth is that it depends on what you're trying to achieve, and it is very important to look at the facts rather than being seduced by catchy headlines. The Social Login landscape is full of traps; let's see how to avoid them.

1- "The User No Longer Has To Fill Forms"

This statement looks great in theory, but let's look at an example. Gigya is a leader in Social Login management. This is what they sell, so they should get it right, no excuse.

They actually propose quite a few social logins! Yay.

Let's register with Twitter to save time.

Wow, they want to be able to follow people, modify my profile, and post tweets on my behalf? Why is that? I'm just testing a commercial service, it's not even an app. They are freaking me out.

Let's try another provider, more professional: LinkedIn.

Request to access my profile and my connections, OK that's fine. This way, Gigya will be able to automagically fill this long boring Signup form.

Oh wait.

Oh no: Seems like I still need to type in my company name and my email address. How come they didn't retrieve this info from LinkedIn?

Whatever, let's give it a shot with… Facebook. Ouch, the form doesn't load.

Hum, let's try with another browser.

OK I give up. I just wanted to test the flow but apparently it's not the right moment. Takeaway? These forms aren't autofilling so easily, even with social logins. Myth busted.

2- "You Will Get a Pre-Validated Email"

Whoohoo, awesome: remove the need for sending a confirmation email and getting it clicked. This is great: when the user has to check her email (and sometimes look into her spam folder) conversions drop. You know this.

But… the reality is a bit harsh. Let's stick with my Gigya example: If I had registered with Facebook, I would have needed to provide an email anyway. Like many people, my email is hidden in my Facebook profile. Yup.

And there's worse to come. Let's take another famous identity provider. Twitter would have failed to return a pre-validated email as well: they never give access to this kind of information. If you want a pre-validated email, you will have to go for Google or Yahoo.

3- "Social Logins Boost Conversions"

Even if the user still has to fill in some cumbersome forms, it is true that the password is no longer required. This is great as it simplifies the signup process. However, there is a sacrifice.

Don't forget that the user will need to click twice: First to open the identity provider pop up window, and second to authorise the application. This means that while signing up, the person leaves your interface for a few seconds.

Not so bad, but not so smooth. Let me explain why.

During a signup, you want to go straight to the essentials and minimise friction. Let's look at an "extreme" example: Stripe's signup form.

See? You can even "Skip this step."

You are then redirected to the dashboard where you get to play with the product, and if you wish, you can "Save your account." Just like you would save a text.

Awesomeness. Cherry on top, the "Save account" form comes back in an über-simplified version: Email / Password. That's it.

Maybe not every brand can do this. But my point is just to illustrate that minimising the friction during a signup is crucial. It is always your number one objective.

This is backed by science: "getting a person to agree to a large request by first setting them up by having that person agree to a modest request" is a well-known compliance tactic called the "Foot-in-the-door" technique.

To achieve this, the Social Login Button is an option, but it's not the ultimate solution:

  • Email + Password can be lighter than a double click + a popup window
  • Upfront signup is not a must, it's an option

If you run an online media site, maybe a Facebook connect will drive more conversions. But in some other cases, better solutions are available: there is no universal rule.

4- "It Makes Future Logins Easier"

The argument is the following: if a user signs up with Facebook, she won't have to remember her password. Next time she connects, there won't be any "I forgot my password / login" dance. Therefore, it will boost the engagement and the CLV, blah blah blah.

Reality is a bit different though. People sign up for many services and have multiple social media accounts. Any developer dealing with user management will tell you that avoiding duplicates is nearly impossible.

A user would sign up with Twitter, then come back and log in with Facebook, and there is no magical way to merge these two identities, even though it's the same person behind them.

Maybe a cookie will help to propose the right login button, but we're living in a multi-device world: tablets, phones, desktops… There is no perfect solution.

The more Social Login Buttons you propose, the more confusion you might create.
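Myths 2 and 4 meet in the account store: whether a provider hands back a verified email decides both whether you can skip the confirmation mail and whether two social identities can be merged at all. The sketch below is an added example, not code from OAuth.io or from the original post; the normalised profile shape (`provider`, `subject`, `email`, `emailVerified`) and the `AccountStore` class are assumptions, and the sample logins are constructed.

```javascript
// Added example. Profile field names (provider, subject, email, emailVerified)
// are assumptions: a normalised shape your OAuth layer would produce.
class AccountStore {
  constructor() {
    this.identities = new Map();     // "provider:subject" -> accountId
    this.verifiedEmails = new Map(); // provider-verified email -> accountId
    this.nextId = 1;
  }

  resolveLogin(profile) {
    const key = `${profile.provider}:${profile.subject}`;
    // 1. Known identity: the stable provider user id is the login key.
    if (this.identities.has(key)) {
      return { accountId: this.identities.get(key), action: 'login' };
    }
    const email = profile.email ? profile.email.trim().toLowerCase() : null;
    // Trust an email only when the provider asserts it is verified.
    const trusted = email !== null && profile.emailVerified === true;
    // 2. New identity whose verified email matches an account: link it.
    if (trusted && this.verifiedEmails.has(email)) {
      const accountId = this.verifiedEmails.get(email);
      this.identities.set(key, accountId);
      return { accountId, action: 'linked' };
    }
    // 3. Otherwise a new account; without a trusted email the app must
    //    still collect and confirm one, and cannot merge duplicates.
    const accountId = this.nextId++;
    this.identities.set(key, accountId);
    if (trusted) this.verifiedEmails.set(email, accountId);
    return { accountId, action: trusted ? 'created' : 'created-confirm-email' };
  }
}

// Constructed sample logins, in arrival order.
function demo() {
  const store = new AccountStore();
  return [
    { provider: 'google', subject: 'g-1001', email: 'ana@example.com', emailVerified: true },
    { provider: 'twitter', subject: 't-2002', email: null, emailVerified: false },
    { provider: 'facebook', subject: 'f-3003', email: null, emailVerified: false },
    { provider: 'yahoo', subject: 'y-4004', email: 'Ana@Example.com', emailVerified: true },
    { provider: 'some-idp', subject: 's-5005', email: 'ana@example.com', emailVerified: false },
    { provider: 'twitter', subject: 't-2002', email: null, emailVerified: false },
  ].map((p) => ({ provider: p.provider, ...store.resolveLogin(p) }));
}

console.log(demo());
```

The unverified `some-idp` login with a matching address gets its own account rather than being merged, because linking on an email the provider has not verified would hand an existing account to whoever typed that address into a profile. The Twitter and Facebook logins stay separate accounts until the user confirms an email, which is the duplicate problem described above.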

5- "Users Can Control Their Data"

Social Logins always rely on permissions given by the user. This is supposed to be great. This way, third-party apps aren't able to access everything they want.

The concept has recently been pushed one step further, with Facebook's announcement: "the anonymous login" (btw, do you know anyone who has actually used this yet?).

But the privacy is asymmetric. People forget it's effective only on one side: the identity providers get to know exactly which apps the users consume. Creepy.

However, this doesn't impact you directly as an app developer. Even if it can be an ethical question, the fact that the identity provider knows your users doesn't matter. Oh wait. Except if this provider is a competitor, of course…

6- "Social Logins Cause a Nascar Effect"

This is one of the points made by Mailchimp's CEO, Ben Chestnut: he asked to remove the social logins from his interface because of the effect it could have on branding. As we have seen, the signup is a very important step in the customer's journey. So is he right?

Diluting your brand by displaying some third party logos can distract your target and dilute your impact. When you look at how Mailchimp manages its signup, it is true that including a Facebook button would hurt the experience:

Fancy design. Let's not mess this up right? But let's look at another case.

See below: do you really think that the "Signup With Google" button hurts the Trello brand?

The answer, from my point of view, is no. Mr. Chestnut is being a bit too dramatic.

Moreover, I would a thousand times rather log in with Google than create a new arbitrary username that I have to remember each time I come back.

BTW, Mailchimp is cluttering up my brain: why can't I just provide an email? Why do I need to make up a username on top of my email, which already is a unique identifier?

They might think that this is going to create a special relationship with the brand, but in fact it is really annoying. I've checked with a few people around me, and I'm not the only one who always forgets this damn username.

Social Login Buttons don't have to turn your website into a Nascar. But let's continue with another myth spread by our Mailchimp friends.

7- "Social Login Buttons Aren't Worth It"

Haha, maybe you recognised the title of a famous Mailchimp blog post. It's just a link bait though: it sparked many discussions back in 2012, but when you read the text, you realise it is nothing more than a catchy headline.

We just learn that by improving the hints given to the username and password fields, the login failures decreased by 66% and the password resets by 42%. This very interesting takeaway is hidden behind the flashy title, which tries to spread another Social Login myth.

And this would be my conclusion: You can't make a general statement about Social Login Buttons. Saying they are a must, or that they're useless is really stupid. It hides the important aspects that the app developer, along with the UX person or the Product Manager should think about.

Of course, relying on a third party for authentication is not perfect. However, fostering the creation of new usernames and passwords is also bad for the internet. This endless credentials creation spiral doesn't make sense.

Always remember to build your strategy based on your product, and not what others say based on their particular experience.

Pro tip: To explore the endless possibilities, just have a look at User Onboarding for inspiration.

P.S.

The first paragraph about Gigya isn't meant to be rude; I just chose them randomly because I thought I would learn from the way they manage Social Logins. They are not really a competitor, as we just provide OAuth APIs to integrate 120+ providers, but we don't offer pre-built signup forms etc. Their solution seems to work great for their clients.

P.S. Bis

If you look at our own signup flow, you will realise that we offer several social login buttons. In fact, in this post, I'm just sharing a reflection that we have internally: "how to leverage social logins in the best way" :-)

Elie | @Philocrate
