CHI-WEB Archives

ACM SIGCHI WWW Human Factors (Open Discussion)

CHI-WEB@LISTSERV.ACM.ORG
Options: Use Classic View

Use Monospaced Font
Show Text Part by Default
Condense Mail Headers

Topic: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Mime-Version: 1.0 (iPhone Mail 5F136)
Sender: "ACM SIGCHI WWW Human Factors (Open Discussion)" <[log in to unmask]>
X-To: Hal Shubin <[log in to unmask]>
Date: Wed, 15 Oct 2008 16:34:36 +0100
Reply-To: Filipe Miguel Tavares <[log in to unmask]>
Subject: Re: Password recovery
From: Filipe Miguel Tavares <[log in to unmask]>
In-Reply-To: <[log in to unmask]>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes
Parts/Attachments: text/plain (64 lines) 
Since you require the user e-mail address why don't you simply send  
that e-mail a message saying something like "the user, or someone  
else, has requested password recovery, click this URL to confirm"?

If the request is legitimate, the user clicks and has to change and  
confirm the new password.

If it isn't, the user ignores the message.

---
Filipe Miguel Tavares
[log in to unmask]


No dia 2008/10/14, às 20:40, Hal Shubin <[log in to unmask]> escreveu:

> When you want people to sign up for a free trial of a Web  
> application, you want the signup process to be as quick as possible.  
> Email address and password (plus password confirmation) seems the be  
> the least amount of information.
>
> But, what happens when that user has to recover her password?  
> Because the signup didn't ask for any sort of security information,  
> how can we verify that it's the right user? We need some other  
> information, but that makes signup longer.
>
> This seems trivial (just ask for the customer's first pet's  
> elementary school principal's favorite color), but I'm sure the  
> Marketing folks will balk when I suggest adding to the nice, short  
> signup process.
>
> I thought of the explanation Staples.com gave when they started  
> asking for ZIP/Postal codes before showing products: we can serve  
> you better if we know where you live, and know what stores and  
> products are nearby (or something like that, and they don't seem to  
> do it anymore). If we do ask for a security token, explaining the  
> purpose might make it seem like a *good* thing to prospective  
> customers.
>
> Any thoughts or experience with this?
>
> thanks                -- hs
>
> . . . . . . . . . . . . . . . . . . . . . .
> Hal Shubin
> Interaction Design, Inc.
> 617 489 6595
> www.user.com
>
>   --------------------------------------------------------------
>   Tip of the Day: Use the archives to research common questions
>    CHI-WEB: www.sigchi.org/web POSTINGS: mailto:[log in to unmask]
>             MODERATORS: mailto:[log in to unmask]
>      SUBSCRIPTION CHANGES & FAQ:  www.sigchi.org/web/faq.html
>   --------------------------------------------------------------
>

    --------------------------------------------------------------
    Tip of the Day: Suspend your subscription if using auto replies
     CHI-WEB: www.sigchi.org/web POSTINGS: mailto:[log in to unmask]
              MODERATORS: mailto:[log in to unmask]
       SUBSCRIPTION CHANGES & FAQ:  www.sigchi.org/web/faq.html
    --------------------------------------------------------------

ATOM RSS1 RSS2