Social authentication: who, what, why, how

Technical level: Business Strategy

On May 29, Amazon launched the "Login with Amazon" button, which will allow us to use our account to make transactions or interactions on other sites. For example, we can certainly use it to review a book on the Goodreads site (bought by Amazon for around 200 million on March 29). Amazon thus becomes the latest in a long list of digital identity providers.

Let's get to some definitions first, as the terminology for the concepts covered in this article is not formalized.

Single sign-on means using a digital identity that you already have to create an account on a third-party site (and connect to it). For example, I use my corporate Google account to log into our timesheet system, a cloud-based application.

Social authentication adds to the concept of single sign-on that of social integration, that is, the possibility of using the connections that we already have on social networks. For example, by choosing my Facebook account to create an account on Pinterest, the site was able to use it to show me the activity of my friends on Pinterest.

MARKET SHARE OF DIGITAL IDENTITY PROVIDERS

There are many providers: Facebook, Twitter, LinkedIn, Google, Foursquare, PayPal, OpenID, Yahoo, GitHub, etc.

Of these, Facebook is chosen most often by users, with 46%. Google is not far behind, however, with 33%, and rising.

Figure 1 – Evolution of the market shares of digital identity providers (source: Janrain)

WHICH ONES TO CHOOSE?

When choosing which identity providers to offer your visitors, you have to keep in mind the context of your site. For example, GitHub is a good choice for any application that involves programming, but it's completely inappropriate on any other type of site.

FOR PERSONAL SITES

If the service is of a personal type, Facebook and Twitter will be particularly appropriate. Incidentally, Foursquare and Pinterest offer precisely these two identity providers.

FOR BUSINESS SITES

Google is a good choice since many companies have adopted Google Apps as their email service. In this way, the employee of a company can log in at all times with his corporate identity. Trello and SurveyMonkey apps are good examples.

ADVANTAGES

FACILITATE REGISTRATION AND FUTURE CONNECTIONS

By making the registration and authentication process easier, one would expect the conversion rate to increase. Indeed, increases have been observed:

  • MailChimp reports a 4% increase;
  • elsewhere, there is talk of a 30 to 50% increase;
  • Mixcloud reportedly saw an increase of 200% to 300% by combining authentication via Facebook with Facebook's Facepile plugin.

  • Custom implementation of the Facepile module

    LESS BOGUS DATA

    88% of Internet users admit to providing bogus data in registration forms. Single sign-on, on the other hand, promotes the use of truthful information, because it is the most obvious alternative that presents itself to the Internet user.

  • Grouper registration form, showing the information collected in our Facebook profile.

    INCREASE USER ENGAGEMENT

    Logging in through a digital identity provider can foster user engagement by allowing the user:

    • to automatically find which of their friends are already active on a site;
    • to see personalized content from their first moments on the site, for example by prioritizing content from their friends or content based on their geographical location;
    • to have an enriched profile from the start, with a photo for example.

    SECURITY

    It is worth pointing out that when Facebook, for example, is used to authenticate on a site, that site never has access to your password. The mechanism thus spares the user from reusing the same password on several systems, a very widespread but insecure habit. Also, major identity providers such as Twitter and Google now offer two-factor authentication, which your site will probably never be able to offer given the complexity of implementing such an approach.

  • Illustration of how “two-step verification” works and benefits at Google

     

    In summary, the idea is to transfer the complexity of offering security-enhanced authentication to digital identity providers.

    DISADVANTAGES

    IMPLEMENTATION COST

    The main disadvantage is the increased complexity of implementing social authentication. Fortunately, applications such as Gigya or Janrain promise to greatly simplify this process in addition to reducing the maintenance required.

    IDENTITY PROVIDER DEPENDENCY

    If the identity provider is down, the user will not be able to authenticate to the site. However, if you have your users' email addresses, it will always be possible, if necessary, to let them choose a password.

    WHICH ONE WAS IT AGAIN?

    By offering multiple identity providers, there is a risk that the user will not remember which provider he used to create his account. However, if you encourage your users to connect via several accounts (to find more friends for example), this risk disappears. For example, on Klout, all my accounts are connected, because it increases the value of the site for me.

  • Klout Dashboard

    GOOD PRACTICES

    Here are some best practices to keep in mind if you plan to offer single sign-on to your visitors.

    DO NOT REQUEST MORE PERMISSIONS THAN YOU NEED FOR THE CURRENT TASK

    Each of the digital identity providers offers access to different data and several of them make it possible to choose the permissions to be requested from the Internet user. A strategic choice is necessary: the user must feel that the requested permissions are justified. In addition, Facebook and LinkedIn allow the user to refuse to give certain permissions, but still continue with the creation of the account.

    CLARIFY YOUR INTENTIONS

    According to an eMarketer survey, 41% of respondents expressed concern that the site would share personal information without their permission.

    A good practice is to dispel these fears with a very clear sentence, positioned near the registration buttons. For example, the Grouper site reassures us with a humorous touch: “We'll never post to your wall or anything lame.”

  • One of the ways to convince the user to create an account is to show the user that some of their Facebook friends are already members of the site. This can be done easily with Facebook's Facepile module.
  • Facepile module on Wikibouffe

    DO NOT ASK FOR A PASSWORD FROM THOSE WHO CHOOSE SOCIAL AUTHENTICATION

    The main purpose of social authentication is to avoid creating a username and password. Asking for the creation of a password anyway could disappoint the user and cause him to leave the site.

    THE PIONEERS

    Many of the American heavyweights offer one or more digital identity providers to their visitors: Pinterest, Foursquare, TED, Quora, Behance, Goodreads, Last.fm, SoundCloud, Rdio, AngelList, Hipmunk, Stack Exchange, Readmill, Couchsurfing.

    In Quebec, few sites offer the possibility of creating an account via a digital identity provider, but there are still a few:

    • Wikibouffe (Facebook)
    • Tuango (Facebook)
    • Small Green Gesture (Facebook)
    • Bell Moving Planner (Facebook)
    • LeDevoir.ca (Facebook)
    • LaPresse.ca (Facebook)
    • The Gazette (Facebook, Google, Twitter, LinkedIn, Yahoo!, OpenID)
    • Music Plus (Facebook, Twitter, Yahoo!, Google, MSN)
    • Ztélé (Facebook, Twitter, Yahoo!, Google, MSN)
    • Auto-Hebdo (Facebook, Yahoo!, Google)

    (Feel free to suggest additions by commenting on this article.)

  • Modal overlay window for account creation on the Wikibouffe site

     

    That said, sites that are currently in the usability mockup stage will soon offer single sign-on or social sign-on features.

    EVEN GOVERNMENTS ARE INTERESTED

    Indeed, as I pointed out last January in CEFRIO's NetTendances booklet:

    “The US government has formulated its recommendations for the creation of a digital identity ecosystem that would involve the private sector on the one hand, and a regulatory body on the other.

    Open Identity Exchange, the body in question, now has the role of certifying digital identity providers, for example Google or PayPal, as to their compliance with security, confidentiality and their operational procedures.

    Soon, a citizen will be able to use the credentials they use on these systems to log on to government sites.”
    (E-Government: Challenges Ahead!)

    The British government has decided to go in the same direction by also involving Open Identity Exchange.

    DISCUSSION

    Do you think single sign-on and social authentication are essential to ensure the success of a web initiative in 2013?