Assumptions

There were a few things I knew going in.

I wanted some form of one-click sign in (for people who will never remember a password). I also wanted a way to sign in without opening email (for people who remember passwords). I needed to deemphasize the password, without deemphasizing security.

We need an instant, one-click sign in because no one can remember all of their passwords. Some people choose not to. This is for them. This also covers people who sign in less often or whose priorities lie elsewhere and have no need to memorize their store’s password.

The thing is, password-less services that only do one-click sign ins become tedious if you sign in and out a lot. People whose main activities are managing their site and store would find it irritating to switch applications every. single. sign in.

Solution

We send a one-click link as soon as you get a password wrong. We use the email from the sign in attempt, and when signing in fails, any frustration is met with a concrete solution:

“Your password is wrong, but no big deal, a one-click sign in link is waiting in your email.”

We take advantage of passwords where they’re useful, but ultimately, we deemphasize their importance. First off, we use the term “passphrase.” You can read about passphrases in the article I linked to above, but in short, it’s a more modern version of a password.

We also don’t use password confirmation fields, and we never have password rules (we encourage multi-word phrases, but that’s just a recommendation).

Once someone is one-click signed in, we further deemphasize the password by skipping a password reset prompt. Normally, after clicking a “forget password” link, people are accustomed to a password reset prompt. We think if someone cares, they’ll reset it through their account settings. If not, they can just use a one-click link to sign in again next time.
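The flow described above, as an added Python example that is not the store's actual code: a failed passphrase check mails a single-use, expiring link to the address from the sign in attempt. The in-memory stores, the 15-minute lifetime, the `store.example` URL and the identical reply for unknown addresses are assumptions.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 15 * 60   # assumed link lifetime in seconds; the post gives none
USERS = {}            # email -> (salt, passphrase hash); constructed store
TOKENS = {}           # sha256(token) -> (email, expires_at)
OUTBOX = []           # (email, link) pairs standing in for a mail service
DUMMY_SALT = secrets.token_bytes(16)
MESSAGE = ("Your password is wrong, but no big deal, "
           "a one-click sign in link is waiting in your email.")

def _kdf(passphrase, salt):
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)

def register(email, passphrase):
    salt = secrets.token_bytes(16)
    USERS[email] = (salt, _kdf(passphrase, salt))

def _issue_link(email, now):
    # A new link replaces any older one still pending for this address.
    for key in [k for k, v in TOKENS.items() if v[0] == email]:
        del TOKENS[key]
    token = secrets.token_urlsafe(32)
    # Only the hash is stored, so a leaked token table cannot be replayed.
    TOKENS[hashlib.sha256(token.encode()).hexdigest()] = (email, now + TOKEN_TTL)
    OUTBOX.append((email, "https://store.example/signin?token=" + token))

def sign_in(email, passphrase, now=None):
    now = time.time() if now is None else now
    salt, stored = USERS.get(email, (DUMMY_SALT, b""))
    # The KDF always runs, so unknown addresses cost the same hashing time.
    if hmac.compare_digest(_kdf(passphrase, salt), stored):
        return {"signed_in": True}
    if email in USERS:
        _issue_link(email, now)
    # Same reply whether or not the address has an account.
    return {"signed_in": False, "message": MESSAGE}

def redeem(token, now=None):
    """Return the email for a valid link, or None. Each link works once."""
    now = time.time() if now is None else now
    entry = TOKENS.pop(hashlib.sha256(token.encode()).hexdigest(), None)
    if entry is None or now > entry[1]:
        return None
    return entry[0]
```

Because every wrong passphrase triggers an email, a deployment would also cap how many links one address or client can request in a given window.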

I’d love to know what anyone thinks about this setup. If you want to try it yourself, spin up a store!