top | item 16543719

(no title)

I run a small SaaS (aimed at businesses and professional freelancers) application which originally only had GitHub and Facebook authentication. I'm now only giving the option of email for new users, and will eventually remove GitHub and Facebook for all users. For my target demographic third-party authentication was really the wrong choice, but I can see how in some cases it could be useful.

Many other parts of the signup flow changed at the same time, so it's hard to measure the impact, but from my side it's much better having an email - I can find out what account someone has when they email me for support, and I can send them account notifications and marketing emails.

In one case I had a company email me, as they had forgot how to access their account. The user who emailed didn't have an account in the system, so I had to ask them to forward an email they were receiving from the application, and eventually found they had signed up with an old GitHub account for the company, that was no longer used (after this I added the account name to all emails I sent).

I'm also currently evaluating the best way to add PayPal as a lot of my traffic is from countries where credit cards aren't so popular. I currently use Stripe, but am trying to find a service to outsource all billing, to avoid having multiple payment provider implementations. I can see how customers could feel uneasy giving their credit card details to a random website, where as with PayPal you don't have that risk.

discuss

blattimwind|8 years ago

> after this I added the account name to all emails I sent

Good takeaway: If you're using $randomThirdPartyAuthentication, then you should make it clear to the user how he's actually authenticated with you (in emails, but also the website, if sessions are long-lived).

A few years ago I accumulated a few stackexchange accounts because it wasn't quite clear what SSO was used, so I ended up with one account for each...