Ryan Bilesky

You make the classic mistake of conflating correlation with causation. Maybe statistically those who spend more money with Amazon regardless tend to find more value in Prime and thus are more likely to become Prime members. Or maybe because they're Prime members they buy things from Amazon they were still going to buy, but just form somewhere else otherwise.

🌶️ Who thought designing a login page like this was a good idea? It's nice to have multiple login options but like how does your average user not get confused by this? Some sites will show a badge next to the "last used" method to point the user in the right direction, but what if they're on a different computer? And you're basically admitting the other links are mostly meaningless. On my current project I took the Google approach to a login page. Ask for an email only at first, then show the second step. But in my case the second step is contextual. If you have a password it will show a password form. If you use Sign in with (service) you see a sign in with (service) button. If your account has multiple login options you see only the ones you setup on your account. And like Google it will remember your email on your computer and let you just one click to get to the second step without having to type it in again. It's cleaner, it guides the user to the most relevant actions for them, and it works on every computer.

The short answer is, like with most things, it depends. You can design a signup form that doesn't leak it either, just accept the form and say please check your email to verify your address to continue but if the email already exist send them an email telling them that instead, so you're only telling them an account exists if they have access to the email. That said as a web developer my opinion is it depends on what you're building. If I'm building an online banking portal absolutely. Some random SaaS service, probably overkill. And I'm not alone in this try to login to Google, they break up their login into 2 distinct steps, email then password. And if you enter a non existent email in step 1 they tell you that. Now arguably since most Google accounts are gmail accounts you can also verify existence by simply emailing them and seeing if it bounces the point is if Google decided it's ok to show that on their login form it's probably not a big deal. But "its best practice" gets ingrained in us. And honestly I'd rather we be overly careful than completely careless.