I have a closed beta service and we just released a prototype to get user feedback. On our site we allow users to use their Gmail/Hotmail/Yahoo accounts to authenticate themselves. As far as implementation is concerned, we take every precaution to make this login safe. We use SSL, do not record any passwords or users, etc. In short, we are legit. However, users still seem to be hesitant to provide their password and username to a small service like ours. Market penetration of OpenID and tools like ClickPass is so limited that those words on our site don't do any good either.<p>How can I make users trust my site?
As for contacts and the address book:
+ <a href="http://code.google.com/apis/contacts/" rel="nofollow">http://code.google.com/apis/contacts/</a><p>+ <a href="http://developer.yahoo.com/addressbook/" rel="nofollow">http://developer.yahoo.com/addressbook/</a><p>+ <a href="http://msdn.microsoft.com/en-us/library/bb463989.aspx" rel="nofollow">http://msdn.microsoft.com/en-us/library/bb463989.aspx</a><p>Stop using the password anti-pattern (<a href="http://adactio.com/journal/1357" rel="nofollow">http://adactio.com/journal/1357</a>)<p>Facebook has a nice auth flow that <a href="http://www.billmonk.com" rel="nofollow">http://www.billmonk.com</a> uses. I'd suggest that.<p>Oh, and hire a visual designer. A strong visual design goes a lot farther than any copy or lock icons ever will.
Why not allow them to create an account without giving you that information? Then they can get into the app and see that it's legit.<p>Also, user testimonials might go a long way towards building some trust.
Google lets users log into other sites with their Google Account, there's an API for that. So just use the service that's already available; then the users don't have to trust you.<p>ClickPass bottles this all up into one convenient service, so why not use that?
Only a fool would give away personal info like that.<p>Most social sites trick you into giving away that info when you sign up in order to spam everybody in your contact list.<p>I really don't know how Mint (financial) can get away with such sensitive banking information. Beats me.
We put a detailed explanation on our wiki in layman's terms about how we only store hashed versions of your passwords--so that even if our systems were compromised, your data would stay safe. If you stress transparency, then the users who care enough to go looking will find that reassurance.
You can't. And don't use market penetration of OpenID or ClickPass as an excuse. It's the old chicken and egg problem.<p>"People don't use it yet, so I won't implement it!"
"People aren't using it because no-one is implementing it!"<p>And like hell I am giving the passwords to any of my mail accounts or anything, TO ANYONE.<p>Just implement OpenID and ClickPass and use APIs and such.