I think they often do, yes. But I feel like there's often a decision point there for the user. The thought "if I don't create an account, but need to come back later for something (status, returns, questions), can I still get what I need?"

Rownd would essentially eliminate that mental question entirely. You provided an email or phone, therefore you're more than just a guest.

Matt makes a great point.

To emphasis: During check out, they still have you add your email and phone (for receipt, tracking, etc). It is transactional in nature, but the company still has it and likely saves the session with a cookie.

Rownd is trying to fix this: Why not treat everyone like a guest the first time and if they want, when they come back, they can verify phone/email (or wallet in the future) and then the rest is filled in.

99% of the time I "continue as a guest" because it is easier than going through the hassle of email (verify), password (remember or pw manager), and the 9 other questions they ask before you can actually check out.

On the flip side, if my Rownd account is compromised, are all the places it used too?

That is an interesting dilemma. As we grow and the average end-user goes from 1 to 5 to 10-20 sites that is being protected by Rownd, we will enforce greater and greater authentication schemes for Rownd.

The truth is, if your email is compromised right now, most sites will be compromised since "lost password" fall backs are sent over email. 2FA is the way to go into the future.

The heart of this issue is around how to authenticate users quickly and securely.