There is a site called Bugmenot, which has a large database of username and passwords for popular online services. The premise is simple: remove the annoyance and time wasting required for registering a new account on a website by using an existing account setup by a charitable person. Bugmenot is certainly handy, but it is not without its problems. What if we had a system in place that guaranteed access to any website, and that auto-corrects itself when a login no longer works? Basically a Bugmenot on steroids, which doesn't rely on charitable account donations, and auto-registers to sites using machine learning and other means. Like a digital skeleton key ?
Not Invented Here
Registration systems are a somewhat unsolved problem on the web. Every site seems to have some form of authentication system in place, be it federated/third party, like Facebook Connect, Mozilla Persona, or an in-house Not Invented Here™ user management system ― those are the worst.
Mystery Meat Forms
I've been online since the dialup modem days
</brag> and have seen my fair share of registration forms. What annoys me most about custom-built registration systems, is they usually have a mystery meat user experience, as no one registration form is the same as another. You never know what to expect in a web form, so signing up for another website is a different experience each time, and thus very difficult to automate. Believe me ― I have tried automating the registration process. I managed to sign up to most services pretty quickly with my script, but the script bailed out for certain forms and required me to manually inspect what was happening. I still use the script now and then to skeleton-key into some sites, but that won't scale when you factor in the amount of sites I am registering for. In a typical register spree, I sign up for 1000+ plus websites. Out of those, 200 require manual intervention. Now and then Bugmenot helps in those cases, but it has me wondering if Bugmenot could be better.
Let's build this!
I believe ideas are not a dime a dozen and that a digital skeleton key system could be built with the right resources, time, money, and most importantly, interest. I want to gauge the interest for a digital skeleton key system by the wider tech community to see if it's worth implementing and executing on the idea properly.
One person can only do so much, and I'm already tied under with other projects. This idea is first draft only and if the interest is there, I will let other developers know. I understand the 'build for yourself' maxim, but I also understand its opposite, which is 'build for other people'.
User registration is a largely untouched subject for obvious reasons. The minute developers, or even regular Joe talks about solving user registration ― a barrel of snakes opens up. Largely because I think user registration is a systemic problem and entrenched so deeply in the web, that any attempt to solve it, or workaround the problem is met with a cold shudder.
Registration forms harm flow states
In terms of what a 'digital skeleton key' would mean if implemented properly, and the net-net effect of having such a system: I think apart from the obvious reason of 'solve the login problem on the web', I also believe general productivity on the web would shoot up. Registering for an account on a website seems so trivial, and yet it can suck the mental energy from even the most laser-focused of us. More and more I see battle hardened web natives getting roadblocked by registration systems, because all their other systems are designed to be seamless, wireless, and work smooth and swimmingly. For example, one could be coding away happily on a new project, or writing the last chapter of a book, only to be slammed with another service's obnoxious registration form, which needs to be filled in quickly in order to submit your book to a publisher, or sign up for a very important API for your app.
Shave that yak
There are solutions out there for the login problem like Dashlane, Lastpass, Roboform, 1Password, etc, but they are like Tamagotchis in that you have to constantly look after them and retrain them for your needs. Take for example 1Password, which if you were to defragment all your logins, organize them, change the password of each account regularly - are looking at an entire weekend of yak shaving. I know because I do this more times than I would have liked. Every 3 months I set aside an audit to clean up the seemingly hydra-like appearance of all my web logins. There's just too many, and they're all clumped together in one pile with no rhyme or reason to them. Most of the logins were generated by the 1Password application itself, giving further proof to how arbitrary most web forms are, and how needless they are too. If my 1Password keychain was left unchecked for the entire year, I would have great difficulty logging into anything the following year.
I live in Beverly Hills
Most registration systems are concerned with attaching your real name to a service, or gathering some information about you. This is fine if I'm the product, and not the customer. In those cases it's perfectly legitimate to ask for my race, political affiliations, and postcode. Routinely asking for personally identifiable information is largely unfair and breaks promises with users from the very outset. That is; promises that users can trust the service, and promises there will be no red tape and roadblocks in your app, or service. If it's so hard to access an app, I often wonder how hard it is to use it, and the closet growth hacker in me wonders how many times a badly designed registration form made a visitor bounce. I suspect the churn rate is astonishing in most cases.
- Skeleton key
- BugMeNot: share logins
- OpenID Foundation website
- Growth hacking
- Federated identity
- Mozilla Persona
- Mystery Meat Navigation
- Yak Shaving
- Dark Patterns
Comments? Feel free to comment in the Reddit thread