Leave the Authentication to Us: Third-Party Authentication On Your Site

Let’s face it: Website user authentication can be a pain, for both users and site owners.

For the user, there’s a registration process, which can range from mildly annoying to downright laborious and intrusive. There’s yet another username and password to remember. And for users who forget their passwords, there’s the password reset, which sometimes works and sometimes doesn’t. Then there are the users who forgot that they already registered on the site and wonder why their chosen username is already taken—or what it is.

For website owners, many platforms, such as WordPress, have much of the user authentication functionality built in, but it still needs to be set up and configured, including designing a registration form that collects good marketing information without being too tedious to fill out. Then there’s the constant risk of the user database being hacked, and all the users (the ones who will still visit the site) having to reset their passwords.

One alternative to local authentication that some website owners are turning to is to let someone else do it. That “someone else” is typically Facebook, Twitter, or other social media sites that provide the appropriate developer tools.

How It Works

Taking Facebook as an example (other social media sites have a similar process), you register your site as an app with Facebook. A small amount of JavaScript or PHP code on your site adds a “Log In with Facebook” link on your home page. Users who want to log in to your site with their Facebook credentials authorize your “app” to access their Facebook data (they typically do this only once), and once they do, they have full user access to your site.

With Facebook, you can configure the specific types of data you ask your users to share. It’s a simple “Yes” or “No,” making it easier for the user—and therefore more likely—for the user to agree.

Pros and Cons

There are a number of advantages and disadvantages to this kind of third-party authentication.

Advantages:

  • With no registration forms to fill out, and no additional usernames and passwords to remember, the registration process is quick and easy for users.
  • The website owner can get increased social media exposure by enabling users to share their activities on the site with their social media networks.
  • Because there are fewer locally-registered user accounts, you have less user data to tempt hackers, and therefore reduced risk of compromised user accounts.

Disadvantages:

  • It’s hard to believe, but not all users have social media accounts, and some of those who do may not feel comfortable authorizing your site to access their social media data. For these users, you will either still need to provide a traditional registration process or turn them away.
  • Once you implement it, it is difficult to un-implement it without losing a large chunk of otherwise loyal visitors.
  • If you don’t already have a presence on the social media sites you would be partnering with, you will need to add one, and maintain it—after all, you want to give your users something they can “like,” right? This represents an extra effort you need to account for.

Taking the Plunge

Adding third-party authentication features is not difficult or costly, and you aren’t limited to only one third-party authentication (many sites have both “Log in with Facebook” and “Log in with Twitter”). And as those social media sites evolve, you can take advantage of their new features and additional user data. If this sounds like something that will help your site, your visitors, and your business, talk to your friendly neighborhood web developer who should be able to set it up without hassle.