Make signing in to your website dead simple, go passwordless!

This post is part of my UX Quick Wins series. Each month, I share common usability and accessibility issues on nonprofit websites and simple ways to solve them. To get these tips in your inbox, sign up for my UX Quick Wins newsletter.

---

Recently, I worked with a nonprofit with a fantastic educational program teaching k-12 students how to protect the ocean from plastic pollution.  The program is popular and thousands of educators have signed up.  But, few have actually completed it. 

I helped the organization identify a major point of friction that was keeping educators from engaging with the program: the account sign up process was unnecessarily difficult, preventing new users from accessing the program’s content. 

I set out to recreate the user’s journey from signing up to creating an account to completing program objectives. While the sign up process was long (it took me more than 5 minutes to complete it), it wasn’t the focus of my UX audit since the  program’s sign up rate is high. 

I encountered the first real friction point when it came time to complete the registration progress and create my account.  I was met with a screen with a suggested password to use to finish setting up my account.  But each time I tried to use the suggested password, I got an error message.  

The password generator suggested passwords that didn’t meet the website’s requirements, causing frustration.

Eventually I realized that the suggested passwords weren’t actually meeting the website’s password requirements.  And while I was motivated to keep going since I was auditing the website’s UX, many of the nonprofit’s supporters ( busy educators with limited time)  would have given up long before I did.  

The quick win was to eliminate the faulty password generator. With that out of the way, we could remove one major point of friction in the sign in flow.  One that prevented many new users from creating an account to begin with. 

The long term solution is to switch to a passwordless login that would eliminate the need to create and remember a password at all. This minimizes the friction each time a user returns to access the website by allowing them to login via a link sent by email or text instead of remembering a password.

Going passwordless is also a more secure sign in method than using a password alone because it works like a second authentication factor, making it harder for cyber-criminals to guess or steal. As noted by Charity Digital, “while passwords are accessible, cheap, and portable, they are also frequently reused, forgotten, guessed, brute-forced, and stolen.” (1)

Eliminating passwords is a great option when users need to access a website infrequently and/or inconsistently.  For example, in this case educators need to access their accounts several times over the course of the school year, but not every day, week, or even month.

If your organization uses WordPress for a membership or educational website, there are plugins you can use to enable passwordless logins. Just search the WordPress plugin directory for “passwordless OR magic login” and you’ll find plenty of options:

• WordPress.org (the version you host yourself) plugins: https://wordpress.org/plugins/search/passwordless+OR+%22magic+login/
• WordPress.com (hosted) plugins: https://wordpress.com/plugins?s=passwordless+OR+%22magic+login%22

Your fundraising software may also offer a passwordless option for donors to log in to their accounts to manage recurring gifts.  It’s worth asking to find out.

For the ocean conservation nonprofit I helped, eliminating the friction created by creating  a password will greatly increase the number of educators who are accessing their programs and, ultimately, the impact they’re able to have on the next generation of ocean activists.

(1) Why charities should invest in passwordless technology, Charity Digital, December 2024.