Indeed. People shouldn't have to choose a password the first time they use your site. Our login flow in the open sourcehttp://qbix.com/platform lets the user check out the site without having to go through signup -> go to email -> click confirmation link -> back to site -> choose a password -> recover context.
In fact, most of our app users don't even have to sign up! They are invited via sms or email, and given a link that works like a capability. Clicking that link established an account for them and they get a full experience right away, complete with all their followers (people who uploaded their address books and had their number or email in there).
This is instant engagement of the user.
We don't even require a password for when they download our native app. We just go to Safari and do an OAuth 2.0 flow with our own site and give an access token to the app. That access token can be for 100 years.
They only need a password when their cookie expires or if they want to access the site from another device.
In that case, it's good to have asked for the email address or phone number in the beginning. That's the user's identifier.
Our system also works with Facebook connect, etc. but that's not the coolest part. The coolest part is having the user choose their own Qbix app as the identity provider to authenticate with, so they can visit new sites and they are instantly greeted by name, find friends on there etc. without the site knowing anything about them on other sites. That's the holy grail :)
In fact, most of our app users don't even have to sign up! They are invited via sms or email, and given a link that works like a capability. Clicking that link established an account for them and they get a full experience right away, complete with all their followers (people who uploaded their address books and had their number or email in there).
This is instant engagement of the user.
We don't even require a password for when they download our native app. We just go to Safari and do an OAuth 2.0 flow with our own site and give an access token to the app. That access token can be for 100 years.
They only need a password when their cookie expires or if they want to access the site from another device.
In that case, it's good to have asked for the email address or phone number in the beginning. That's the user's identifier.
Our system also works with Facebook connect, etc. but that's not the coolest part. The coolest part is having the user choose their own Qbix app as the identity provider to authenticate with, so they can visit new sites and they are instantly greeted by name, find friends on there etc. without the site knowing anything about them on other sites. That's the holy grail :)