UIEtips Article: 8 More Design Mistakes with Account Sign-in

Jared Spool

January 14th, 2008

While design teams add account registration and sign-in features to enhance the user’s experience, in doing so, they can create all manner of user experience problems. One of the most difficult things to get right is a good sign-in and registration process.

In a recent UIEtips article, I described eight common account sign-in mistakes that we see all the time in our usability tests. Today, in our UIEtips email newsletter, we published my latest article that continues the list with 8 more design mistakes you’ll want to avoid. If you’re designing an account system, or already have one, this serves as a good start to assess how much you may be frustrating your users.

You can read my article here.

Account Sign-in is just one of the topics we’ll discuss at the Web App Summit, March 26-28, 2008, in San Diego, CA. You’ll want to reserve your seat today. Tuesday, January 15th is the last day for the $1,799 pricing.

10 Responses to “UIEtips Article: 8 More Design Mistakes with Account Sign-in”

  1. leovernazza Says:

    Hi Jared, I have to disagree with you on #13…

    This is just another case of security -vs- UX trade off, but in this case I agree with this kind of solution.

    Accurate error messages are great for everyone trying to enter the account, and it’s not just you, it could be i.e. a hacker. If the system makes explicit that the username is VALID, they can just fix it and try passwords until they violate your account. Besides, sometimes the username is an email address, and that’s ALL a spammer needs to know about you. If the system helps them to discover the customer’s email, it will produce a huge user experience detriment via spam…

    It would be great to have the best of all worlds, but in this case, I think the trade off is completely necessary and the examples you presented are a good solution.

    Ok, maybe it should be configurable by the user. After all, he should be the one to decide about what is worst for him… What do you think?

  2. Garry Says:

    Hello Jared,
    Thanks for your great newsletter and excellent experience. Much appreciated.

    I also disagree with #13 – Not Explaining If It’s The Username or Password They Got Wrong. As a user, when I fail a sign-in, I wish I knew what was wrong, but as a developer I know it would significantly reduce the security if we told the user what was wrong: the username or password. The solution is to provide a way for the user to retrieve both the username and password through a smart and secure method. I don’t think it should be configurable by the user since they often don’t understand the consequences.

    Regarding #11 – Using Challenge Questions They Won’t Remember In A Year, I agree and would suggest this goes further than remembering in one year. Security questions actually present a hole or weakness in a sign-in and in reality should be called “in-security” questions. However, the risk is low if developed correctly and developers use “good” questions. After being frustrated on numerous websites with “favorite” questions (which are poor questions), I decided to offer a list of questions that developers can use along with my opinions about which are better than others: http://www.goodsecurityquestions.com/examples.htm

    Thanks again.

  3. Cris Says:

    Great article(s), Jared. A friend of mine sent me the links today. I think most of these problems spring from developers coding for their own convenience rather than the user’s.

    I do have to take issue with your assertion on Mistake #12: “Coding the return point from the registration process is technically very difficult.” It’s not difficult at all. That information can be stored several ways (e.g. on the url, in a cookie, in a server-side session) so it’s available at the end of the registration process.

  4. Larry Halleran Says:


    This is great information to think about before designing a sign in. I think of only part of my problem as not thinking through the design to better address these kinds of issues up front. The bigger part is not finding a way to let my users tell me when I am making mistakes. How do we make it easy for any user of our websites to quickly and easily give us feedback on their experience? I would think a quick rating system (select 1 through 9) would give only a crude measurement of effectiveness and user satisfaction with my website. Alternatively, asking them to type a long explanation that would provide specific information does not seem to be very user friendly either.


  5. Indu RS Says:


    Excellent article on User Sign-in. This study provides quite a lot of information for UX and Usability engineers to set goals and standards. I agree, except for #13.

    Thanks again.

  6. Greg Nudelman Says:

    Excellent article, Jared! Gold standard in sign in Partner Experience, as only UIE can put it. This list was tremendously helpful in our recent eBay.com registration redesign.
    Thanks again!

  7. Premasagar Says:

    Nice set of observations here, Jared.

    OpenID login is becoming more common these days and will probably become fairly ubiquitous soon. It is a new kind of login where you only need to have a username and password on one website on the Web, which you use to log in to other sites. The use of OpenID bypasses a number of the issues that you raise.

    However, a number of user experience issues have started to crop up with OpenID’s implementation into sites. For example, on Onaswarm (a lifestream social network), the OpenID login looks like it requires a password (but there is no need for a password with OpenID) and does not function unless the ‘http://’ part of the url is included (yet does not mention that it requires it). Still, we live and learn…

  8. Did I Get #13 Wrong? - Do All Sites Need Similar Security? » UIE Brain Sparks Says:

    […] folks wrote to tell me I’d gotten this wrong — that, in fact, this is intentional to throw off […]

  9. 10 Blog Reading Tips of the Week for Shop Operators » Tips, Templates, Checklists, News, Rulings for Online Retailers » shopbetreiber-blog.de Says:

    […] 8 More Design Mistakes with Account Sign-in by UIE Brain Sparks […]

  10. Brian Says:

    Re: Comment 2 – Garry Says: January 14th, 2008 at 1:47 pm
    Garry’s link in Comment #2 — http://www.goodsecurityquestions.com/examples.htm — is now “Not Found”
