[thelist] login/registration type feedback

Lee Kowalkowski lee.kowalkowski at googlemail.com
Fri Nov 26 10:20:17 CST 2010 

On 26/11/2010, Bob Meetin <bobm at dottedi.biz> wrote:
> Along with membership type services come login/registration
> forms/styles. Examples:
>
>     * Login/logout/registration box that displays on every page, perhaps
>       along the top of the browser, in a left/right column, etc.

Quite usable.  I have no data to back this up, but I reckon most users
expect to find this top-right.

>     * CSS hidden - you click on button and a sign-in/register box opens;
>       a second click and it goes away

Less simple to implement & use I think, I reckon users looking for a
login form scan the page's fields initially, then look for links...

>     * Modal (or lightbox, etc) style - click on a login/register link
>       and it opens up and more/less controls the screen
>     * Modal (or lightbox, etc) style - click on the login/register link
>       and it opens in a small, less obtrusive box
>     * Hidden panel toggle - click on a tab and a hidden panel toggles
>       open / closed

These are just fancier versions of the same thing, it's hidden, but in
all cases, the user requests to see it.

>     * Sticky box that hugs the footer/elsewhere

I dunno...

>     * Other

Assuming the site is not SSL when the user is browsing anonymously,
and that "suprise requests" are possible (a request to perform an
action that requires authorisation - perhaps the user's authentication
has expired).

I think in many cases it's better to implement authentication on an
interrupt basis.  Meaning the authentication mechanism can kick-in as
and when it is required, and the user resumes activity once they have
successfully passed (hopefully without having to repeat the action
they were attempting prior to the challenge).

This "login page" can then be requested via SSL which will result in
the display of the "padlock in the browser" to assure the user your
site is secure.

The other techniques may not communicate this, which might put
intermediate users off, regardless of whether the credentials will be
transmitted via SSL when actually submitted (users are not going to
investigate whether this is the case).  If they are going to check for
the padlock, they're going to check that it's there before they log
in.

-- 
Lee
www.webdeavour.co.uk

More information about the thelist mailing list