Sign-in patterns
The sign-in screen is the gate between a returning shopper and their cart. The pattern depends on how much friction the brand will absorb in exchange for security, and how aggressively it wants to lean on third-party identity providers.
Amazon
Email and password form
The traditional pattern. A centred card with email, password, keep-me-signed-in checkbox, forgot-password link, and a secondary route into account creation. Still the default for marketplaces and large retailers.
> what's good
- Familiar to every shopper, zero learning curve.
- Password managers and autofill handle it natively.
- Works for shoppers who do not want a third party tied to their order history.
> what's risky
- Forgotten passwords are the single largest source of account-recovery tickets.
- Password reuse across sites means breaches elsewhere become breaches here.
- Form friction at checkout drives shoppers to guest flows or abandonment.
DTC default
Email-only magic link
A single email field, one CTA, and the rest happens by clicking a tokenised link in the inbox. No passwords stored, no recovery tickets. Common with conversion-focused DTC brands and modern SaaS-influenced retailers.
> what's good
- Removes password storage and reset flows entirely.
- One-tap sign-in works particularly well on mobile.
- Lower support load, no shoppers locked out of their own accounts.
> what's risky
- Inbox latency feels broken when delivery is slow or filtered to spam.
- Shoppers without easy email access on the same device hit dead ends.
- Tokens leaked via shared inboxes or screenshots compromise the account.
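An added sketch of the server side of the tokenised link (not code from this page or from any retailer), showing the usual ways to limit the damage of a leaked token: a short lifetime, single use, and storing only a hash of the token. The 10-minute lifetime, the shop.example URL, the in-memory store and the function names are assumptions made for the example.

```python
import hashlib
import secrets
import time
from typing import Optional

TOKEN_TTL_SECONDS = 600  # assumed 10-minute lifetime; the page states no value
_pending = {}            # sha256(token) -> (email, expires_at); stands in for a DB table


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


def issue_link(email: str, now: Optional[float] = None) -> str:
    """Create a one-time sign-in link for `email`, recording only the token's hash."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    # Keeping the digest, not the token, means a leaked table cannot be
    # turned back into working sign-in links.
    _pending[_digest(token)] = (email, now + TOKEN_TTL_SECONDS)
    return f"https://shop.example/signin?token={token}"  # constructed URL


def redeem(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the email the token signs in, or None if unknown, used or expired."""
    now = time.time() if now is None else now
    # pop() makes the token single-use: a second click, or a copy taken from a
    # shared inbox or screenshot after the shopper has signed in, finds nothing.
    record = _pending.pop(_digest(token), None)
    if record is None:
        return None
    email, expires_at = record
    if now > expires_at:
        return None  # expired; the entry has already been removed by pop()
    return email
```

A token that leaks before the shopper clicks it is still valid until it expires, which is why the lifetime is kept short.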
Social SSO row with email fallback
Three social provider buttons stacked above a divider, then an email and password fallback below. The shopper picks the path of least resistance. Now standard on most modern checkouts and account pages.
> what's good
> what's risky