Make It Easy... But Trust Comes First

Published: by

Sometimes, you just want to collaboratively share online editing of a document. Five people in far-away places - or maybe just a block away - want to edit something together. Google Docs is great, but requires a Google account and is somewhat heavy. Hackpad is a good lightweight solution, and very easily embedded inside another Web page or blog.

Needless to say, to edit on a hackpad, each person needs an account. Like many sites nowadays, it gives you several options:

  • Set up a account
  • Sign in using Facebook
  • Sign in using Google

These sites try to make it easier (i.e. less "friction") to register by allowing you to simply sign in using an account you already own. In general, I don't like outside sites accessing my Facebook account, as a I view it as personal (arguably I don't like the NSA accessing it either, but that is out of my control), so Google is a reasonable middle ground.

I tried to "sign in using Google", at which point a window pops open, and Google tells you exactly which services they want to access:


Now, viewing basic information about your account makes sense; so does viewing your email address. After all, these are things that I would likely provide to them anyways if I just signed up for their account. And then we get to, "Manage your contacts." For any customer, that is a big red flag. The first barrier is seeing contacts. While most people nowadays are willing to accept some level of apps seeing their contacts and sometimes even posting on their behalf to their Wall/ tweeting, many people view their online Google contacts as the core "absolute truth." Giving an outside app, however trusted, the right to "Modify Contacts", when there really is no well-understood reason, is guaranteed to create a barrier to adoption.

When you try to reduce steps to make things easier for a user, at the same time, you are asking them to trust you more. It is crucially important in these circumstances, and any that involves asking for trust, to simultaneously:

  1. Think through the exact limits of that trust and stop short of it.
  2. Make sure that the trust you request makes sense to the user in their context.