Show HN: I built a free, simple login service. Would you use this?

I agree with kenji&#x27;s (dead) comment.<p>I&#x27;d rather set up login functionality on my own server. If you use a third party service, their downtime becomes your downtime. Worse, you&#x27;re injecting another company into your relationship with your users. If that were necessary, I&#x27;d choose one the customer was already familiar with, like Google, Facebook or Twitter.<p>Setting up login isn&#x27;t very difficult and libraries exist for most webdev languages to make it even easier. It&#x27;s definitely not worth 5% of my revenue.

If I had some smaller website that I charge nothing or barely anything on, I might. If I had a bigger SaaS product, probably not. I wouldn&#x27;t say your pricing is necessarily unfair, but paying 5% for what is probably a very small part of the application, I couldn&#x27;t stomach.

I am afraid, I would not use it. As others pointed it out, login is such a small part of a system that it&#x27;s not worth employing a 3rd party service to get it working. Also, using this service requires trust. I personally don&#x27;t use nor implement FB, Google, etc logins either as I don&#x27;t trust them.

Wouldn’t it be „wrong“ to teach my users to trust login emails coming from a foreign domain? Also, how do you plan to keep your emails out of spam folders and blacklists? From your website it wasn’t clear to me how I would check the login code for validity.

This is actually a really cool idea. I think the people who are saying they don’t want to inject a 3rd party in the middle of their business are missing the point or are working on projects large enough that this doesn’t make sense.<p>A 5-7% overall fee (once stripe’s fees are taken into account) could make sense for a lot of small businesses that don’t want to manage this stuff, although I feel realistically you could reduce your fee significantly for larger customers.<p>The fee structure also starts to make a lot more sense if the focus is less on login, and more about making it really easy to monetize your product (different subscription tiers, gating features, pricing suggestions, funnel analysis, a landing page generator, etc).<p>Regardless I’ve built side projects before that still have lots of daily active users that I never monetized because I couldn’t be bothered to do all the payment and subscription integration work.<p>If I could start a new project today and know that I have:<p>1) User management (auth, password reset, etc) which is tedious to reimplement 2) Payments<p>Working from day one that’s a very enticing idea, although you’ll need to build faith that your service is reliable and will be around for a long time to get people to start using it.<p>My email is in my bio, feel free to reach out, I’d love to chat about it a bit more.

No.<p>If my app is small, I&#x27;ll roll my own or use the free tier from Auth0 or Okta.<p>If my app gets big, I&#x27;ll roll my own or pay for Auth0 or Okta.<p>Like a lot of SAAS ideas, a login service is: too critical to trust with an unknown, already a mature SAAS offering elsewhere, and easy enough to implement yourself if you don&#x27;t want to pay for it.

I like the idea but what benefits do you provide over using SSO with Google and setting up stripe myself? I&#x27;m not sure ease of use would bring me to use you over what is currently available

I am currently using Auth0 which has all the cool functionality of logging in with 3rd party services, user management, and so forth. I think I am paying them $25&#x2F;m to use it, something fairly trivial but non-zero.<p>If I were getting started with logins again, I&#x27;d say I could pay you $250 one time just to download all the code, and roll it out on my own systems in minutes. This way I&#x27;d have user auth with easiest setup, and no need to reinvent it on my own. Probably.<p>But, are you just testing things, or is Login.land real? Since your own login system asks for password, instead of email-based auth like you are showing in the screenshots, I suspect that maybe this is just a test :)

I&#x27;m currently building a kind of game website that needs a login system.<p>I like the idea of going passwordless and just checking an email and clicking a button. That seems low friction. I like that you don&#x27;t require a credit card from me. I also don&#x27;t expect to charge users ever so I like that the service would be free.<p>On the other hand, my hope in building my current project is that I&#x27;ll show it some people and they&#x27;ll enjoy it and I&#x27;ll keep working on it and more people will keep using it etc. If that does happen I&#x27;d want complete control over the login system and I&#x27;d hate to be in a situation where I couldn&#x27;t make changes to the system (or remove your component) because my users were already logging in via loginland.<p>For example, I imagine a future where people love my game it&#x27;s taking off, but there are problems with your service. If I replace it, I have to figure out a way to preserve the accounts and logins of current users while simultaneously giving a good experience to future users. It seems easier to just do a minimal login system on my own now and improve it as needed.<p>Finally, if I were in a money making venture, I&#x27;d have the same concerns plus I&#x27;d realize the cost of 5% is probably disproportionate to the savings - which would be having to implement a very well understood solution.

My first thought when I was going through the page: HN will not see much value in this given it&#x27;s a highly technical crowd.<p>I urge you NOT to get discouraged, and to chat with non-technical online small business builders: you&#x27;d find many who market primarily on Instagram, who are just figuring out how to get a nice website for their brand.<p>I see a lot of value if you position your service as a way for them to offer a tiered loyalty program for their customers: i.e. &quot;log-in via loginland, buy on our site and rack up points that you can redeem later!&quot;.<p>Not sure what the integration would look like with their existing website builder stack, but could be fruitful to look into this.<p>Also, there are MANY brands looking to spin up their first online store for their brand - may even make sense to offer a very basic product listing that lets them sell products and manage loyalty programs easily with their customers.<p>Just a few suggestions that stemmed from recent conversations with founders of these kinds of small scale Insta-marketed brands.

I recently made the toss up between Auth0 and my own system. Ultimately I couldn&#x27;t bring myself to use Auth0, it wasn&#x27;t the price but the lockin that got me. Being able to log into a product is a key gate and I don&#x27;t want to lose control over that even if it is slightly more work in the early days. What&#x27;s more, it becomes extremely hard to migrate away from.<p>As someone else suggested in here, I&#x27;d be happy to do a one off payment for a system under my control. However, a handing over the literal keys to my product is not something that I&#x27;m comfortable doing, especially without reassurances that I can easily migrate away from it. The fact that there are so many good libraries that deal with the most painful parts of this just make the sale harder for me.

Your fee example seems either plain wrong or dishonest. If you use Stripe to handle payments, the fee of using your service must be higher than using Stripe directly. But you claim that Stripe would take 35c, but you only 25c.

A few too many steps, don&#x27;t you think?<p>Why would the Login website redirect to Loginland instead of just sending the email directly and displaying an &quot;please check your email&quot; popup? One less page load.<p>Why would the email redirect to Loginland, not to the original website? OK maybe that&#x27;s absolutely necessary because of some invasive anti-privacy user tracking, but even then, why would Loginland website tell you to <i>close</i> the window and go back to the <i>original</i> window (what if the user closed it already??), which would only then redirect to original website?<p>Seems like a lot of ceremony for nothing.

No:<p>- for trivial projects, I don’t want them to stop working one day<p>- for more serious services, moving login to a third party is a huge risk. The upside isn’t worth the risk. Even if it did your pricing is way too expensive, but that could be fixed.

I&#x27;ll comment in an end user standpoint. I&#x27;m not trying to debunk your idea. I know, having an idea and acting on it is a hard thing and kudos for that. I would love easier login process on every site.<p>I don&#x27;t know your likely use case or target market. So I&#x27;m using an imaginary one based on my usage.<p>Disclaimer: I&#x27;m not your average user. I use password managers heavily. But on the other hand every browser have some kind of integrated password manager.<p>My imaginary scenario has these assumptions: - This website relatively simple and offers unimportant service because otherwise it&#x27;s not a good practice to use this service. So my security need relatively low. - I&#x27;m using this site relatively often. Maybe a few times a week. Otherwise these points are not that important.<p>My imaginary scenario has two cases: - I&#x27;m using my regular PC &amp; Browser On a website using this service, I always have to open my email address and click a link to approve login. And if there is a &quot;Remember Me&quot; option only the first time. So my cumulative additional cost between somewhere 1 - infinity extra steps. On a regular site, I&#x27;m already in here. I&#x27;ll just hit a key combination for password manager and I&#x27;m done. And if I&#x27;m using browser&#x27;s password manager I&#x27;ll probably just need to click login. - I&#x27;m using a new PC and&#x2F;or a brand new Browser&#x2F;Profile My email address has 2FA active with a really complex password. This just caused me unnecessarily 3 step instead of 1 to login.

First thing I noticed, hovering the big &quot;Get started&quot; button did not change my mouse cursor to a link-pointer. Just a small suggestion :).<p>Edit: Also, after clicking on &quot;Get Started&quot;, the first field (email) should be in focus so the user can start typing, without having to move their mouse and click it first.<p>Edit 2: I love the simplicity of this tool. The interface is pretty good (but not yet great). How can I contact you?

Anything that requires me to traverse through different applications to login to a website, unless it is managing my money or very sensitive personal information, is NOT SIMPLE. And for those which require more than one app to login, I much prefer tried and true 2FA apps like google authenticator or Authy or RSA tokens etc. Email is inherently insecure. Why make my 2FA an email?

The flow is really confusing.<p>You enter your email, get taken to a page that tells you to open the email. If you close that page then you can&#x27;t login even after clicking the link in the email as you need to leave that tab open, open a new tab for your email, open the link in the email, close that and go back to the original login tab.<p>Why can&#x27;t you just click the link in the email and you login?

It’s not free if you ask for a share, therefore the title is misleading. Maybe title “I built a simple login service” would be more fitting. However, I would need to question simplicity as checking your email is far away from simplicity UX wise. I wouldn’t use your service if you would pay me to use it. Comparing your service with Stripe is just ridiculous...

I can definitely see myself using it when creating an MVP, but longer-term I&#x27;d probably set one up myself.<p>In terms of the pricing, it may be worth considering a cap (e.g. 5% on successful payments up to a maximum of $Y a month), otherwise, you might find that your entire userbase ends up being comprised of early-stage projects that are making little to no money.

I&#x27;m surprised you&#x27;re not dog fooding: <a href="https:&#x2F;&#x2F;login.land&#x2F;login" rel="nofollow">https:&#x2F;&#x2F;login.land&#x2F;login</a> :)<p>The page leading to login is a bit too plain. Makes more sense to point to &#x2F;login instead of <a href="https:&#x2F;&#x2F;login.land&#x2F;admin" rel="nofollow">https:&#x2F;&#x2F;login.land&#x2F;admin</a>

It seems interesting but does the user have to check email any time he&#x2F;she decides to log in to my service?<p>If so i don&#x27;t consider it interesting.<p>I would consider very interesting something similar to firebase authentication without having to include all the google privacy killer stuffs and for free.<p>(Edit: i didn&#x27;t read the text where you explain how you make money)

As a software developer, I wouldn&#x27;t use this service. But if I was someone without my skillset trying to build a no-code &#x2F; low-code MVP, I definitely would try this out! I think that may be your sweet spot. I don&#x27;t think HN is your ideal audience.

This is really cool, and its an interesting way to try to monetize what would otherwise be a relatively small service.<p>The big issues here are trust and security. Before using a third-party login, especially if it isn&#x27;t one of the big ones, I would need to understand more of how it is handling the data. A breach in your service translates directly to a breach in mine, and the intro page does not describe many of the details.<p>Does using your service offer the end users any benefit compared to a third party login or built-in login service? As it stands, it seems like they will be giving their email address to yet another company, which may erode their trust in my own service.

No.<p>Google signin is used because of Chrome&#x2F;Android(Or browsers in general because of Google account which many people have it atleast because of Gmail).<p>Apple ID( their login ) is useful because of Apple ecosystem which constitutes IOS,MacOS,etc.<p>So,there is no appealing reason to use your product. What if it is down in future? Also,it&#x27;s closed source and not federated.<p>I am interested in federated login system(Probably OpenID based?)<p>Think it like a single self hosted login system for all Gitea(which may happen in future)&#x2F;Gitlab instances or federated open sourced self hosted(or company hosted) alternative to Google signin , speaking common protocol.

The market you want to target is people who aren&#x27;t software engineers but want to run a simple website. The gulf for someone who just wants to serve a static html site but wants to have some content that requires secure access is huge right now.<p>Consider the use case for a person buying woodworking plans from a website. Payment required to access pdf plans, but the owner of the website wants to set it up once and not worry about it, and not to have to learn anything more about coding than they have to.

I believe people call these &quot;magic links&quot; or &quot;magic URLs&quot;. There is definitely a market for it, I recommend searching for competitors and see what you&#x27;re up against.

I tried setting up an account and got a Firebase error, but generally the answer is no. Sorry.<p>I&#x27;d have to have faith that your implementation of the login flow is more secure than one I could build or get elsewhere. Any weird security smells (like the login page differentiating invalid user email address from invalid password and leaking Firebase errors to the user) are going to lead me to believe that the code hasn&#x27;t been reviewed from a security perspective.

I would only use it if I needed to create a quick MVP&#x2F;PoC but then I&#x27;d fastly run to implement it once the idea is validated. In addition to the reasons already mentioned here, I&#x27;d say login is one of those features every language has a ready-to-use library for. Also, it might be that a certain ACL is required too, which is typically very specific for your domain.

Facebook had a free simple login service, over email and SMS as well. Until they shut it down.

But it&#x27;s not quite free.

Hi benzgou. It seems login.land is down. What happened?

Interesting monetization strategy of integrating payments into the flow.

While I like this a lot, I don&#x27;t like the idea of creating a new customer in Stripe every time someone signs up as a free user. Perhaps this works better for other types of businesses.

No. The login flow is too tedious for the user. Too many clicks.

The redirect should happen automatically when they click the email, you shouldn’t ask the user to shuffle around their tabs after that point.

Firebase: No Firebase App &#x27;[DEFAULT]&#x27; has been created - call Firebase App.initializeApp() (app&#x2F;no-app).

Honestly I don&#x27;t see any scenario where this service would add value, on the contrary.

login.land seems to be down. What happened?

If I would use a an external login service it would need to be fully featured:<p>- GDPR compliant - (multiple password) recovery processes. - user account hacking protection (with notifications) - two factor authentication. etc.

Open source it.

It&#x27;s a fun project, and kudos for shipping something at all!<p>My honest feedback:<p>There are already a host of services that do authentication, and a host of services that do payment and subscription management, and the leaders in each of those spaces are actually quite good. Loginland currently sits in the middle - it&#x27;s not the best authentication system, nor is it the best payment system. It&#x27;s just a little bit of both.<p>So, how do you combine the individual value of those services into something that is distinctly valuable? An interesting example in this space is fast.co. I have no idea if they will ultimately be successful or not. However, they verticalized specifically to e-commerce and combined login + checkout to a single step that is significantly easier&#x2F;faster for the customer than a conventional checkout process. The pitch to the seller is: higher conversion rate, meaning more revenue (and we can potentially reduce fraud in the process). Among other things, they do this by opting for a fixed-time instant cancellation window after the order, rather than putting up a confirmation page beforehand. They use the strength of the identity system to streamline the checkout process, which is a unique merging of those two things that provides real value. There&#x27;s also not much downside, as the traditional e-commerce customer doesn&#x27;t associate much value with customer identities in the same way that a SaaS platform might. As it currently sits, I don&#x27;t see that value unlock for loginland, so it feels like a mushy middle position.<p>Another direction here is thinking through how media is monetized. Right now, most major news publication (NYTimes, Washington Post, BBC, etc) have login and identity management mostly for managing subscriptions to news content (the identity itself isn&#x27;t a ton of value to these companies). I believe there is probably a business that can be built around offloading identity and payment for these companies (customer has a relationship with loginland, loginland can get me into Washington Post content in a single click). Helping news companies shift more of their revenue from ads-based to consumption based or recurring would be huge. This business may already exists in several forms (I personally know a founder that started one which ultimately did not work out), but is another example of a vertical play.<p>In short, as you navigate next steps for this product, I&#x27;d advise you to keep an eye on where your customers will really get value from you. Streamlining identity management or checkout might not have as much of a conversion lift for SaaS as it would for other industries where purchase intent is lower. Look first for those, and see how you can best help them. Don&#x27;t get discouraged by the comments here, though. Often times tiny tweaks make all the difference between success and failure.

I would just run Keycloak.

Is logging in that hard?

No.<p>Devise is pretty simple to set up.

absolutely not, never. it&#x27;s one of the worst ideas ever.<p>why would i give you the email address of all my accounts, and the ability to spoof them, for something that is trivial to build myself?

This is cool

so this is similar to fast.co?

will you be there in 10 years?

Yes

yes very nice !

Why would anyone use this? Just write your own login, it&#x27;s not hard, and you don&#x27;t have the dependency on a 3rd party site that can go down at any point in time.