Build or Buy: User Authentication

Build or Buy: User Authentication

If you have users, then a reliable auth system is going to be a requirement for your company—whether it’s small or large. And like any project, setting up auth can either be done in house or handled by an external service. While you may think, “It’s better if I just handle this myself,” developing your own auth isn’t guaranteed to be the most cost-effective or safest choice.

In this blog, we’ll walk through some common auth scenarios at different company stages to help you determine your auth needs.

Hobbyist

If you’re a hobbyist, you most likely are working on your project for fun. Whether it’s a game for friends or an app for yourself, the chances of needing to create a custom auth system is low. Why? Because your time is better spent on building the enjoyable parts of your hobby. While simple authentication with usernames and passwords isn’t the most difficult feature to set up, if you’re a team of one, expect weeks or months of work—and you can still run into a number of bugs and error messages. Unless your hobby is to create secure and reliable auth systems, there’s no need to waste time with the more menial tasks that can be quickly solved. Even more, there are a number of auth providers that have free plans (like PropelAuth!) that will be able to handle your auth needs for the foreseeable future.

Another protection professional auth provides is security of your hobby app. Even if your project is just for fun and won’t require its users to provide sensitive data, a low effort auth is a vulnerable target for hackers. Common threats are brute force attacks, poor network security, and poor password storage. While your site may not be top secret, seeing as at least 65% of people use the same password across websites and the average person reuses a password approximately fourteen times, your users’ information may be at risk.

Bottom line: Save yourself and your users the trouble by using an auth provider and return to working on what you love.

Technical Founder at a Startup

Whether or not you choose to develop your own auth will probably come down to the decision of how you will prioritize your technical needs. Are you the only developer or have you just hired your first engineering employees? What industry is your company a part of? What does your target audience require and are you converting them effectively?

A piece of universal advice we can give to fellow founders—regarding auth and other pivotal decisions—is to regularly ask yourself this question: “Will this project support and expedite meeting my company’s mission or will it distract and delay my main objectives?”

Scenario 1: If your team has successful auth implementation experience already or your product requires a unique level of customization, then developing your own auth might be the right choice. If you determine you have the time and resources to create your own solution, then prioritize it.

Scenario 2: If you don’t have prior auth experience or work in an industry that requires a high level of cyber security, then finding an auth provider may be the correct path. Setting up auth, especially B2B auth, can become an extensive project, especially for a lean developer team. If you want to invest your time and financials towards a higher priority project, there’s plenty of auth providers who will happily handle this for you.

There’s no magic combination for this decision, but contemplate whether this auth project will immediately improve your business or if an external solution is the better choice.

Nontechnical Founder at a Startup

Unless you already have a strong dev team in place, setting up your own auth system is likely a bigger project than you will want to chew. While a basic auth system may take up to a week to create and deploy—or significantly longer without any prior experience—there are many more professional features you will probably want to implement in the near future.

Magic links, two factor authentication, single sign on, brute force security, and common password detection are all core features that will take your auth to a professional level—and each requires additional days or weeks of work. Additionally, Security Assertion Markup Language (SAML), which transfers data between identity providers with service providers, is a critical feature for selling your product to larger companies, but can take months to build.

It’s not necessary or sustainable for a founder to build everything themselves. Especially when integrating auth can be possible within a matter of minutes with minimal developer time through businesses, like PropelAuth. Moreover, most auth providers have free pricing levels and later only require payment for the number of monthly users or systems used, and as a startup, you can easily find an affordable plan without paying enterprise-level prices.

In our opinion, at this stage, you’re most likely going to have a better experience using an external auth provider. Save yourself from frustration and use the space to focus on one of the many other pressing issues your startup is likely battling.

Developer Team at a Midsize Company or Enterprise

At this stage, you likely already have an auth system in place whether it’s through an external provider or was created in-house. And while it’s true migrations aren’t the easiest process, if you are unhappy with your auth implementation, you don’t have to continue to use it forever. Applying the Sunk Cost Fallacy, you may feel indebted to your auth system because of the time and money you’ve already invested in it. It can seem like a waste to redo the process, so why not just stick with it?

Because it can be better. Even more, great auth can help your company grow.

  • A great auth system allows you to fully customize your sign up/login process to match your brand.
  • According to a recent Stanford study, 46.1% of people say a website’s design is the top criteria for deciding if a company is credible or not with nearly half of all consumers in the study assessing the credibility of sites based in part on the appeal of the overall visual design of a site, including layout, typography, font size, and color schemes.
  • A great auth system creates a smooth user experience for your customers.
  • A one second delay can lead to an 58% increase in a lead leaving the website and every one second improvement in page load time, conversions increased by 2%.

Rather than staying in a tepid relationship, think about the future benefits a better auth system can bring to your customers and your business. If you only focus on decisions based on past costs, you will lose out achieving a more prosperous future. Take the time to revisit your auth needs—are there new security features you haven’t implemented yet, can your auth’s management system handle the ever-growing amount of customers you’ve onboarded? After the startup stage, you (hopefully) have less daily fires to put out, but developer time will always be a tight resource. You also (hopefully, again) have a larger budget to work with than when you began. Perform an audit on your auth needs to determine whether it’s worth it to improve your existing situation with some additional code or whether now’s the time to invest in a solution that can handle an enterprise’s business.