Status Shipped
Categories Application
Created by Guest
Created on Sep 22, 2019

Session should be remembered and Login form needs improving

Currently Aha drops the login session every single time you close the browser. This seems unnecessary and hugely cripples and diminishes the user experience. The information stored in Aha! is no more critically sensitive than thousands of applications out there that allow for extended based sessions which persist across 'new browsers' (using cookies/tokens etc). To name just a few products that allow for this:

  • Atlassian Jira
  • Atlassian Confluence
  • Microsoft Azure DevOps
  • SharePoint
  • Salesforce
  • All Office 365 Apps
  • GitHub
  • Slack
  • Asana
  • Trello
  • Amazon
  • eBay
  • All Google authenticated apps
  • Facebook
  • Twitter
  • Instagram
  • Any web based email client

All of these house information that is just as sensitive, or more sensitive than Aha, and yet they don't require this over-the-top need to log in every single time you access the browser. The ONLY applications that warrant such strict session policy are bank/netbank applications, and Aha! is not a bank. You need not adhere to PCI DSS compliance. You're not holding financial information. Also bank applications are only accessed relatively infrequently while product managers will use Aha many times in the day - this is debilitating. If roadmap information is considered so incredibly sensitive to a company (more important than all the business logic, specs, and IP held in Jira, Devops etc??), then they will have laptop/browser/network policies to strictly tie down access at that level - so you need not concern yourself with that.

To compound this problem, the login process is frustratingly tedious and involves too many steps. For some unbeknownst reason the login form requires 2 separate screens - one to enter your email address, then a second one to enter your password, which means you can't use saved browser credentials (or a password manager) to load up your details in a single screen. This means to log in to Aha, you have to click first time on the 'Login' link, manually type in your entire email address (EVERY TIME), click a second time for next, then type your password then click a third time for submit. Even if you DO remember your credentials in the browser, they don't load up in the initial screen meaning you have to type your username every time. So to reiterate: 3 clicks and your username manually entered every time to log in? I've never ever seen an application do this. Even my BANK allows the username to be remembered.

I honestly find the process flawed and frustrating. Please give this some proper consideration - you go to all this effort of developing a huge, and very impressive software application, but it's completely hamstrung by the most obvious, very first step in accessing the product - which severely impacts the user experience every single time a user accesses it.

  • Guest
    Sep 24, 2019

    Thank you for the tip regarding logging in from the custom domain, rather than the secure.aha.io domain. I hadn't noticed that, and it does make it one step easier.

  • Admin
    Austin Merritt
    Sep 23, 2019

    Hi there, thank you for your feedback. It is clear that you put a lot of time and thought into this and we really appreciate it.

    I did want to point out one thing that could help your flow immediately. Currently if you go directly to your custom domain to log in, you will see the username and password fields on a single step. This would be the URL that looks like <custom domain>.aha.io. We currently separate the login into two steps from the secure.aha.io URL to check for single sign-on.

    Regarding your feedback, we will likely continue to require login after the browser has been closed. The simple workflow that many customers use is to not close the browser -- which I realize may not be an option in every case. That said, you do point out some improvements that we could definitely make to the login form. For example, allowing the browser to save login credentials and allowing password managers to work even from secure.aha.io. I have linked this idea to a feature for improvements in this area, so we will update the status as progress is made.

    Thank you again for your feedback!