During sign up there should be an "e-mail verification"-step before completion of sign-up, others hold that e-mails shouldn't be sent, and verification should be done at a later stage (https://designexcellent.com/ux-login-register-password/), I personally prefer it at some point to avoid "identity" theft.
During sign up there shouldn't be a password size limit. (xx/25 on the first password field)
During sign up the retype password field shouldn't remain red when the passwords match
During sign-in there should be error messages for a) account doesn't exist, b) the wrong password for the account since the system only lets you register once with a password, an attacker can test for e-mail accounts, and usernames, registered on the sign in page. Therefore the user who needs to know their user name (I use a couple of different ones for "serious" vs "fun") for the application. There was an article, which I couldn't find again, that also had metrics on how
Add a "keep me signed in" checkbox to the login form
Add some kind of 2-factor authentication using apps like Authenticator from Google, Microsoft, Steam App, Facebook App, or any of the solutions mentioned in the linked articles
Do a live lookup for "username exists" and suggest alternatives (mostly for popular solutions)
Most of these are opinions, but some should be ready-out-of-the-box for a framework.
In general, people shouldn't have to give up too much information to log in. Ask for the information when needed. For example, First name, Last name, when is it needed? Not when signing up, especially since username is the unique identifier for the user. This, of course, is different from application to application. So how about adding some kind of hierarchy to information. Say that we don't send a registration e-mail upon registration. Then after the user has returned to the site at least 24 hours later, then we send a welcome back e-mail, please add your real name to your profile.
The goal is to ease people into using the application/site and making sure they return again and again. For anyone making a shopping application/site, this article has additional tips on how to make the experience smoother (https://blog.kissmetrics.com/first-step-of-checkout/)
Most of these are opinions, but some should be ready-out-of-the-box for a framework.
In general, people shouldn't have to give up too much information to log in. Ask for the information when needed. For example, First name, Last name, when is it needed? Not when signing up, especially since username is the unique identifier for the user. This, of course, is different from application to application. So how about adding some kind of hierarchy to information. Say that we don't send a registration e-mail upon registration. Then after the user has returned to the site at least 24 hours later, then we send a welcome back e-mail, please add your real name to your profile.
The goal is to ease people into using the application/site and making sure they return again and again. For anyone making a shopping application/site, this article has additional tips on how to make the experience smoother (https://blog.kissmetrics.com/first-step-of-checkout/)
Too much for one issue?