Resonating intro
You’re an indie hacker and building a cool new web app. Of course, it’s supposed to have users. Hopefully many of them. At least it is designed to have a user. They need to log in to perform some actions. So you’re adding the login form and the registration form. And thinking about confirmation email flow already. You know, those tokens you get in the mail, and you have to click them to verify yourself.
If you are a developer, chances are that you built several user auth mechanisms in the past, so you know a thing or two about it. And then, it hits you.
What if my user forgets the password?
You, before going through this blog post
You start thinking heavily about providing that feature. I’ve already talked about how we can easily lose focus when developing a product, so you might check that one. Here’s my two cents on this topic. I’m not saying do create email confirmation flow it or don’t. I’ll ask dozens of questions and you can hopefully decide is it worth it.
Why would you need email confirmation flow?
Let’s go through this question. You’re saying you need to build email confirmation workflow… for what purpose? You may have come up with these reasons:
- Finish registration they said,
- reset password they said or
- prevent our system from bots and fake accounts, they said
What will happen if you don’t have email confirmation flow?
Is it OK to have users immediately logged in and ready for action? Is there any harm in letting the user who just has registered do everything that is possible with his account? From the functional perspective, what would be the main difference between verified and non-verified user.
If you don’t have emails, resetting password have to be done manually. Can you do this? Is it possible, from technical perspective? Is it too much manual work for you?
What would it mean if your website gets like 200 bot users? What they can do, once logged in to the system?
Setting email confirmation flow may cost you some time/money.
And time is money. Or, to say it in the startup mindset – you could use that time to add some value into your product. You would definitely have to invest some time to set it up correctly. If you do it manually, from scratch, then there are a lot of things to be taken care of. Similar goes if you’re using some external auth services, for example Amazon Cognito. It definitely would cost you either a) time to setup everything correctly and b) money to set up it quickly. Now think again about the values that you’re getting when involving email confirmation flow.
Emails have to be sent from somewhere
If you don’t own your mail server, then you have to set up who will send the emails in your behalf. Again, same story. In the end, it will cost you either time or money. Do I have my own mail server? How to find a service that would fit my needs. Do I know a SaaS that is sending the mails, and I’m familiar with using it?
What will you do when you find out about flaws in delivering your emails?
You’re implementing super cool feature in your product, yet to find out you have a lot of problems with delivering emails. It ends up in the spam or something similar. You know you have to fix this, in order to get new users. And this could take some time. Time that you could use to work on the specific super cool feature. Yes, of course, it can be configured to minimise the chances of mail not being delivered, but again, time and money.
Roses are red, Violets are blue, Now we are coming to the most important question, For you!
>> How many users do you have? <<
Think hard on this one. Think about your user base. Real one. Not potential. Neither ideal. Forget about the numbers you wish it would be cool. Be honest to yourself. How many users do you have?
Is it like 5-10? A hundred? More than a thousand?
How many times, based on the user base count and the nature of the situation, you wished you had it automated?
Let’s say you have 100 users. Not all of them will forget the password in shorter time frame. You see my point? Is it a big deal to reset the password manually?
But, let’s take another situation, that could happen very easily. You have 5-10 users, or even under 5. None of them forgets the password, or maybe they don’t use your app anyway, no matter how hard you’ve tried.
How would you feel if there are no users and
a) you spent some time building the email verification flow or
b) didn’t spend time building the email verification flow.
See?
Conclusion
I would say that adding this feature is one sort of premature optimisation. Especially if you suppose the number of the users. Be careful. First get those users. But, this way of thinking is based on us surrounded with login flows on many major websites we’re visiting every day. Keep in mind the phase those products are in, comparing to your product.
You’ve come here because you had a question. Instead of answer, I’ve asked a lot of questions in the article. But they will lead you to your answer.
Thanks for reading. Leave your thoughts on this topic or share the article if you find it usable.