What do you think of our login/sign-up?

forgetpasswords.com is about rescuing us all from having so many passwords. The mission starts here. When you join us you don’t need a password.

Not tried it yet? Log in now here. How did we do?

  • How simple did you find it to log in?

  • Do you feel that the process was secure?

  • Did you use the email (magic link) login?

    • Yes
    • No
    • What is email login?
  • Did you register a device for faster login?

  • Have you managed to use the device login to authenticate to a second device by scanning the QR code?

    • Yes
    • No
    • I don’t know how to
  • Was it better/worse than other passwordless logins you have tried?

  • Is there anything you think could have been better?

  • Where else would you like to use this kind of login?

And of course any other comments you feel like sharing with us.
We are always striving to improve the experience.

2 Likes
  • It was relatively simple to log in. It wasn’t easy to find the tab I needed to go back to after I logged in.
  • I felt it was secure - only I have access to my email
  • I did use the magic link
  • I didn’t register the device before, but I tried now, some details below.
  • I tried Slack magic links and they felt a bit friendlier
  • Yeah, there’s room for improvement. The process could be more intuitive, I could somehow be redirected to the website I just logged into. There could be better explanation of what happens when I complete the process.
  • I’d like to use it on all the websites I don’t care about and don’t feel like building a profile in. Somewhere that requires me to be logged in and that I don’t want to worry about.

About the device registration:

I went to the link you guys posted in my browser (because that’s what I was reading it on), clicked on some links, confirmed that “Only I use this phone” (which phone? How do you know about the phone? do I need to do anything with the phone?) and the process was finished.

Now I have no idea how I’d log in with my phone, I’m not sure if I set it up right. I should be guided through the process a bit better and it should be explained more. If I needed to do it on my phone instead, the website should have detected I wasn’t on my phone.

One good way to do it would be to do what’s usually done when you set up 2FA - you have to enter one or two codes from the newly set up 2FA app. Something similar could work here - after you set up your phone, you have to confirm by “logging in” to some verification/test website. This could finish up the phone registration process and teach me how to use the phone login at the same time.

Keep up the good work.

I know I’m picky with UX, if you manage to make me happy, you’ll be doing great :wink:

2 Likes

Hey!

I want to share a UX idea based on my first-time login experience with forgetpasswords.com.

The Problem:

There was friction in the process because I opened the confirmation email on my phone instead of on my laptop–where I started my login experience.

  1. I clicked ‘Log In’ to create an account on my laptop
  2. I entered my email address
  3. I was asked to check my email and click the ‘confirm’ link
  4. I opened the confirmation email on my phone
  5. I was asked to copy and paste a character string back on the ‘sign-in page,’ which was open on my laptop.
  6. I had to re-open my email on my laptop and copy/paste the character string (point of friction)

Options to solve:

Option 1: Tell me to open the confirmation email on the same device
Option 2: If possible, allow me to complete login on my desktop by just having to click ‘Confirm’ on my phone.

I’m not super technical so I’m not sure if option 2 is feasible. Nevertheless, is that helpful?

3 Likes

Thanks for taking the time to share your feedback.

Unfortunately we can’t do this. While it is technically possible, it opens up some potential attacks.

I think option one is probably a good way to go.

1 Like

How about there’s an app which people will install and set up on their phones.

  1. While logging in, the login page will show you a 5 to 10 digit code that you have to type in that app to verify the login instance.
    :thinking:

Delegating your authentication purely to someone’s email doesn’t actually get rid of passwords. It just trusts whatever mechanism someone currently uses to authenticate to their email. I’m not sure how you can claim you’re securely deprecating passwords with this workflow.

It’s a fair point. Although we see it more as reducing the number of passwords.
Currently the average internet user has ~90 password logins. Note I wouldn’t say ~90 passwords because I’m sure very few people remember 90 independent passwords.
Password managers often have one master password. However they are great for security because having one master password greatly increases the chances of a human remembering it and also that the human can choose a master password that is stronger