After users sign up or sign in, keep them on the same page, do not redirect them anywhere, and clearly show that they are signed in
Users can become confused when they aren’t sent to where they expect after signing in or resetting a password, and some will have difficulty re-finding where they were. This can mean lost purchases for you.
Check for an existing account during password reset, and inform users if the email does not exist
Some users might enter their email incorrectly, so it makes good sense to tell the user if this email does not exist.
Have the following sections covered
The minimized header with back and flow title
If you use a side panel for sign-in and sign-up, present an option to go back and show the flow title clearly.
The welcome back
Greet the user by first name (if they have logged in previously), and provide a warm and welcoming message!
The sign-in options
Present key options that allow people to sign in, such as signing in via email, signing in with Facebook, signing in with Google, etc. Then, right below, enable people to create a new account, leading to a separate view with similar datasets and options. If people choose to sign in or sign up with email, ensure you show password validation helpers (visually indicate which requirements are met and which are missed). Upon email sign-in, show a clear path to the password recovery flow.
The bonus checklist
Provide a soft sign-in tactic
For security reasons, it makes sense to log users out automatically after a period of time. Once the user is logged out, show their name in the header for a more personal touch, and once they want to use their account, ask them to sign in again, but also explain that they were logged out for a great reason, such as enhanced security.
The “please avoid” checklist
Avoid locking the account after 30 or fewer sign-in attempts
It is common for people to try many passwords, and if you lock their account too easily, you can lose the purchase. Offer convenient recovery options instead.
Avoid asking users to sign in if they are visiting the order tracking status link
This creates unwanted friction and disturbs users; it is better to build the smartness into the email and URL. Of course, do not expose any personal data through the link. Just show the basics, like order status, ID, goods ordered, etc.
Avoid asking people to re-sign in when they are already signed in
Some sites ask users to re-sign in for security reasons, but this creates frustration and abandonment. It is better to use alternatives.
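
An added example (not from the original page) of one way to build the order tracking status link from the "please avoid" checklist so that it needs no sign-in: the emailed URL carries an HMAC token bound to the order ID and an expiry, and the page returns only allow-listed basics. The domain `shop.example`, the key, the parameter and field names, and the sample order are constructed assumptions.

```python
import base64, hashlib, hmac
from urllib.parse import urlparse, parse_qs

# Assumption: a server-side secret; in practice load it from a secret store.
LINK_KEY = b"constructed-demo-key"
# Constructed sample record. It holds personal data the tracking page must never show.
ORDERS = {
    "A1001": {"status": "shipped", "items": ["kettle", "mug x2"],
              "name": "Sample Customer", "address": "1 Example St"},
}
PUBLIC_FIELDS = ("status", "items")  # the "basics" the link is allowed to reveal

def _mac(order_id: str, expires: int) -> bytes:
    # The token covers both the order ID and the expiry, so neither can be edited.
    msg = f"{order_id}|{expires}".encode()
    digest = hmac.new(LINK_KEY, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=")

def make_tracking_url(order_id: str, now: int, ttl: int = 30 * 86400) -> str:
    """Build the URL that goes into the order confirmation email."""
    expires = now + ttl
    token = _mac(order_id, expires).decode()
    return f"https://shop.example/track?o={order_id}&e={expires}&t={token}"

def tracking_view(order_id: str, expires: str, token: str, now: int):
    """Return the allow-listed order view, or None for any invalid link."""
    if not (expires.isascii() and expires.isdigit()):
        return None
    # Constant-time comparison avoids leaking how much of the token matched.
    if not hmac.compare_digest(_mac(order_id, int(expires)), token.encode()):
        return None
    if now > int(expires):
        return None
    order = ORDERS.get(order_id)
    if order is None:
        return None
    # Copy only allow-listed fields; name and address never leave the server.
    return {"order_id": order_id, **{k: order[k] for k in PUBLIC_FIELDS}}

def open_link(url: str, now: int):
    """Handle a click on the emailed link without any sign-in step."""
    q = parse_qs(urlparse(url).query)
    try:
        return tracking_view(q["o"][0], q["e"][0], q["t"][0], now)
    except KeyError:
        return None
```

Every failure returns the same `None`, so the response does not reveal whether an order ID exists.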