Ask YC: Login system
7 points by drewcrawford on June 21, 2008 | 13 comments
I'm working on a startup involving lots of sub-$1 payments. Because of this, we pretty much need a valid e-mail address.

Our options are:

A) Let the users create an account, type in an e-mail address, and we send them a verification link (I hate these).

B) Let them log in with a Google Account. They would actually be redirected to a Google.com page to log in, and Google would give us the e-mail address (we never have their password).

Personally I'd much rather do B as a user, but I can potentially see some confusion for users, especially if they don't have a Google account already. In theory we could allow both, but for launch we are only going to spend time on one. There's also a concern that some users would think it's a scam to get your Gmail password (even though it's entered on a Google.com site).

What do you think?




At my sites I like allowing members to create accounts without email validation. To post anything, however -- or in your case, send or receive funds -- their email needs to be validated and I use a persistent message in the header to remind them of that.

I would personally never use your site if you required a Google account to log in.
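Added example (not part of the thread or any poster's code): one way to build the flow described in the comment above, where an account exists right away but sending or receiving funds is gated on a validated e-mail address. The function names, the in-memory `accounts` store, the demo key and the 24-hour link lifetime are all assumptions.

```python
import base64, hashlib, hmac, time

SECRET = b"constructed-demo-key"  # assumption: really a random server-side secret
TOKEN_TTL = 24 * 3600             # assumption: link lifetime of 24 hours
accounts = {}                     # hypothetical store: user_id -> account record

def _sign(payload):
    mac = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")

def make_token(user_id, email, now=None):
    # Bind the token to the user, the exact address, and an expiry time.
    expires = int((time.time() if now is None else now) + TOKEN_TTL)
    payload = f"{user_id}|{email.lower()}|{expires}".encode()
    body = base64.urlsafe_b64encode(payload).decode().rstrip("=")
    return f"{body}.{_sign(payload)}"

def verify_token(token, now=None):
    # Return (user_id, email) for a genuine, unexpired token, else None.
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
        if not hmac.compare_digest(sig, _sign(payload)):  # constant-time compare
            return None
        user_id, email, expires = payload.decode().split("|")
        if (time.time() if now is None else now) > int(expires):
            return None
        return int(user_id), email
    except (ValueError, TypeError):  # malformed, truncated or non-ASCII input
        return None

def register(user_id, email, now=None):
    # Account is usable at once but flagged unverified; the token goes in the mailed link.
    accounts[user_id] = {"email": email.lower(), "verified": False}
    return make_token(user_id, email, now)

def confirm(token, now=None):
    claim = verify_token(token, now)
    if claim is None:
        return False
    user_id, email = claim
    acct = accounts.get(user_id)
    if acct is None or acct["email"] != email:  # address changed since the mail went out
        return False
    acct["verified"] = True
    return True

def can_transact(user_id):
    # Gate for sending or receiving funds: validated e-mail only.
    return accounts.get(user_id, {}).get("verified", False)
```

Because the token carries its own signature and expiry, no per-link database row is needed; only the `verified` flag is stored.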


That's a great functionality you'll see on some sites with the lost password function. You can register without an email and use all functionality except the "lost password" function — if you want to use it, you need to specify it in your account settings.

I think HN and del.icio.us do this.

Is there some other functionality on your site that doesn't require payment?


> Is there some other functionality on your site that doesn't require payment?

I'm not sure if this question is for the original poster, but I forgot to mention that providing an email address is actually required at my sites. Only after validating the email address are members able to post, vote, etc.

One advantage to this is that I'm able to keep track of who hasn't validated their email and therefore become full-fledged members of whatever site they joined. I can start a conversation with them and learn from them what I overlooked about the site -- or point things out to them that they may have missed.


You want option (a). It works, it's proven, it's what everyone else does, it's less annoying than it sounds like, and you're unlikely to screw it up.


I'm also confused about why you need a valid email address for the payments. A little clarification would be good.

I would recommend against the Google account login system; I prefer to try to keep some of my life secret from Google.

Have you considered OpenID?


Receipts, customer service contact, account summaries. There's a reason why they ask, I'm sure. It's good practice to keep in touch with users when money is involved.


"I can potentially see some confusion for users"...."for launch we are only going to spend time on one"

I think you've answered your own question here. I'd go for option A - it's something users will be more familiar with from their experience using other sites and it stops you losing users who don't want to create a Google account if they don't already have one.

Your users are what is most important and the deciding factor in decisions such as this should always be to do whatever makes things easiest for them.

Also, why do you need to link a user to an email address to handle payments?


Another choice is to use their phone number. They sign up on the web, type in their phone number. Then they are shown a PIN, you have an automated phone system that dials the phone number and prompts them to enter the PIN that is displayed. RapidSSL.com uses this method to quickly confirm a user for their SSL certificate, so I assume it is good enough for your use.


I'd go for option A too. If people are paying for something, an email address is a legitimate request. It's a virtual world, and you need a way to contact them. I would have your privacy policy ready to go and prominent though. You might not like option A for some reason, but most of the time if the verification email is sent immediately, it's not a big hassle.


What about ClickPass? Although that might be subject to trust issues too.

Most users are familiar with the verification concept, although they still don't like it.

Can you explain why you need a valid email address to do payments?

Just allowing Google accounts limits your market somewhat, but if you are going for techies first, then you should be fine.


It's hard to blame a startup if something goes wrong with Google logins. It's real, real easy to blame them if they went with something as obscure as ClickPass.


Keep in mind, Gmail has fewer customers than Yahoo mail or Hotmail - you're limiting your service to a fairly small number of users if you do option B, and people are probably not interested in signing up for some OTHER service just so they can sign up for YOUR service.


Control the username/email and password and ensure that the password is very strong. We're talking about money here, so it's best that you control access as much as possible.



