It's not clear at all. It's not clear to me and I've been a web developer for 15 years!
- I go to this site that I've never been to before
- It asks me to sign in with my email address, but I've never been to the site before so assume it doesn't "know" my email address
- I think look for a "Create Account" button to set up my account
- Now I'm confused as there is not a button anywhere
- I think "Well, I can't just type my email address in because that has never, ever worked on the web"
And so confusion reigns. Without some sort of iconography explaining what email addresses are accepted a la OAuth most users are going to be completely stumped.
Hey, so any email address will work. If it's not a Persona identity provider, then you'll just get prompted to create an account with the persona.org fallback IdP. You can see this right now by trying to login using a gmail account vs a yahoo mail account.
I understand the premise now, but it took me a while to figure out how it worked. The problem is, what they really need to say is something like:
"You can put any email address in here. If Persona has seen you before you can just put in your password and you're set. If you put in an email address that we have an integration with (like Yahoo) then you're all set. If you put in an address that we dont know, we'll ask you to create an account and then you'll be signed in. We might well have seen you before, so maybe try your 'normal' email address but the chances are you won't know whether we know about you as this is all too new."
Because THAT is basically how it works (AFAICT) but obviously that's a lot of text and no one actually reads text on websites.
The problem is that no one knows WTF persona is. Like my Dad and my wife have no idea what it is. They are also REALLY nervous about just putting their email address and password for a separate account into a website they have never seen before, AND FOR GOOD REASON!
This is a total usability clusterfuck. You expect my Dad (who calls the entire internet "Google") to accept this and not get worried about it?
They need to put MASSIVE INTERNET BRAND LOGOS in that box. Like Facebook, Google, Yahoo, Apple. Brands like that. Brands that, you know, my Dad has actually heard of and might actually have an account with.
I can see they are going in that direction with the Yahoo announcement, and MASSIVE KUDOS to them for that, that's a big step. Bit right now the usability is fucked and will stay fucked until the Persona brand as as big as Apple's or Google's. So never.
There's a sleight-of-hand Amazon plays with their own sign-in box: they give you a single "email" box, and then two radio buttons -- "I'm new" and "I already have an account and here is my password" [with a password input below that option].
The clever thing is, the radio buttons are completely ignored -- if you have an account and the password matches, you get logged in; if you didn't put in a password, and the email isn't in their records, they bring you to the account creation flow. The radio buttons are just there to let users express a choice they expected to be able to make, and thereby keep them in flow.
A better Persona login box could just do the same thing, but without the password input box under the "I already have an account" option. In fact, since selecting an option is the last step of the flow, just have an email field with two buttons, "Sign Up" and "Log In". Both buttons do the same thing :)
A reasonable guess for "Sign in with your email" prompt is that you'd need to go through a typical account creation process using your email as a primary ID. In other words, the message looks like a synonym of "Create an account".
There gotta be more thought put into how to make people aware of Persona mechanism, because it is quite different from all existing sign-in options and it needs to be learned of explicitly.
After you click a button labeled sign in, the popup reads "[Your site] uses Persona instead of usernames to sign you in. To sign in with Persona, please enter your email address."
I'm not sure I can do better than that text -- do you have any suggestions?
Sure. How about adding "This does not require registration in advance." (Or "previous registration" or "a previous account" or whatever is clearest). The problem is users searching for "Create Account" instead of "Sign In" when there is no "Create Account".
Edit: Sorry, on review this post was tangential to the point to which you were responding (about why the email is needed). It was targeted more at the point about user confusion by the login process.
- I go to this site that I've never been to before
- It asks me to sign in with my email address, but I've never been to the site before so assume it doesn't "know" my email address
- I think look for a "Create Account" button to set up my account
- Now I'm confused as there is not a button anywhere
- I think "Well, I can't just type my email address in because that has never, ever worked on the web"
And so confusion reigns. Without some sort of iconography explaining what email addresses are accepted a la OAuth most users are going to be completely stumped.