CHI-WEB Archives

ACM SIGCHI WWW Human Factors (Open Discussion)

CHI-WEB@LISTSERV.ACM.ORG

spacerom online <[log in to unmask]>
Wed, 15 Oct 2008 19:31:23 +0300
Hello Hal,

I think the best practice in this case would be to take advantage of the 
user's e-mail address that they already provided to you. This can 
happen in two ways.

After the user has requested to retrieve the password, you can:

1. Send an e-mail to his/her address in which the user (providing the 
link in the e-mail body) can reset his/her password and give a new one 
(this is the more secure way).

2. Send an e-mail with the user-password in the e-mail body.

I think the first option is better and more secure because the user 
confirms the retrieval of his/her password.

If the user has not provided a valid e-mail address it means that maybe 
he doesn't want to use your application or site anyway or that it's not 
the right user or that it's not an existing person.

I think that asking for more "secure" user-information during the 
sign-up, like the zip code etc., makes things more complicated (for the 
user too) and it doesn't help the process to be quick as you want it to be.

cheers,
Kostas Plastiras - Web developer & Multimedia Expert


Hal Shubin wrote:
> When you want people to sign up for a free trial of a Web application, 
> you want the signup process to be as quick as possible. Email address 
> and password (plus password confirmation) seems to be the least 
> amount of information.
>
> But, what happens when that user has to recover her password? Because 
> the signup didn't ask for any sort of security information, how can we 
> verify that it's the right user? We need some other information, but 
> that makes signup longer.
>
> This seems trivial (just ask for the customer's first pet's elementary 
> school principal's favorite color), but I'm sure the Marketing folks 
> will balk when I suggest adding to the nice, short signup process.
>
> I thought of the explanation Staples.com gave when they started asking 
> for ZIP/Postal codes before showing products: we can serve you better 
> if we know where you live, and know what stores and products are 
> nearby (or something like that, and they don't seem to do it anymore). 
> If we do ask for a security token, explaining the purpose might make 
> it seem like a *good* thing to prospective customers.
>
> Any thoughts or experience with this?
>
> thanks                -- hs
>
> . . . . . . . . . . . . . . . . . . . . . .
> Hal Shubin
> Interaction Design, Inc.
> 617 489 6595
> www.user.com
>
>    --------------------------------------------------------------
>    Tip of the Day: Use the archives to research common questions
>     CHI-WEB: www.sigchi.org/web POSTINGS: mailto:[log in to unmask]
>              MODERATORS: mailto:[log in to unmask]
>       SUBSCRIPTION CHANGES & FAQ:  www.sigchi.org/web/faq.html
>    --------------------------------------------------------------
>
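
Added example, not part of the original message or of either poster's code: a minimal Python sketch of the e-mailed reset link from option 1 in the reply above. It assumes a random, single-use, expiring token whose hash is the only thing stored server-side; the class name, the 30-minute lifetime, the in-memory store and the URL layout are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

RESET_TTL_SECONDS = 30 * 60  # assumed lifetime of a reset link


class ResetTokens:
    """In-memory stand-in for a server-side reset table (constructed for this example)."""

    def __init__(self, now=time.time):
        self._now = now
        self._pending = {}  # sha256(token) -> (email, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def issue(self, email):
        """Create a one-time token; only its hash is kept, so a leaked table is not replayable."""
        # A new request invalidates any earlier outstanding token for this address.
        self._pending = {d: v for d, v in self._pending.items() if v[0] != email}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[self._digest(token)] = (email, self._now() + RESET_TTL_SECONDS)
        return token

    def redeem(self, token):
        """Return the e-mail the token was issued for, or None. The token is consumed."""
        try:
            digest = self._digest(token)
        except UnicodeEncodeError:
            return None  # issued tokens are always ASCII
        entry = self._pending.pop(digest, None)
        if entry is None:
            return None  # unknown, already used, or superseded
        email, expires_at = entry
        if self._now() > expires_at:
            return None  # expired
        return email


def reset_link(base_url, token):
    # base_url is a placeholder; the raw token exists only in the e-mailed link.
    return f"{base_url}/reset?token={token}"
```

Only after `redeem` returns an address does the application let that account choose a new password; the old password is never sent or shown.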
