CHI-WEB Archives

ACM SIGCHI WWW Human Factors (Open Discussion)


spacerom online <[log in to unmask]>
Wed, 15 Oct 2008 19:31:23 +0300
Hello Hal,

I think the best practice in this case would be to take advantage of the 
users' e-mail address that they already provided to you. This can 
happen in two ways.

After the user has requested to retrieve the password, you can:

1. Send an e-mail to his/her address in which the user (providing the 
link in the e-mail body) can reset his/her password and give a new one 
(this is the more secure way).

2. Send an e-mail with the user-password in the e-mail body.

I think the first option is better and more secure because the user 
confirms the retrieval of his/her password.

If the user has not provided a valid e-mail address it means that maybe 
he doesn't want to use your application or site anyway or that it's not 
the right user or that it's not an existing person.

I think that asking for more "secure" user-information during the 
sign-up, like the zip code etc., makes things more complicated (for the 
user too) and it doesn't help the process to be quick as you want it to be.

Kostas Plastiras - Web developer & Multimedia Expert

Hal Shubin wrote:
> When you want people to sign up for a free trial of a Web application, 
> you want the signup process to be as quick as possible. Email address 
> and password (plus password confirmation) seems to be the least 
> amount of information.
> But, what happens when that user has to recover her password? Because 
> the signup didn't ask for any sort of security information, how can we 
> verify that it's the right user? We need some other information, but 
> that makes signup longer.
> This seems trivial (just ask for the customer's first pet's elementary 
> school principal's favorite color), but I'm sure the Marketing folks 
> will balk when I suggest adding to the nice, short signup process.
> I thought of the explanation gave when they started asking 
> for ZIP/Postal codes before showing products: we can serve you better 
> if we know where you live, and know what stores and products are 
> nearby (or something like that, and they don't seem to do it anymore). 
> If we do ask for a security token, explaining the purpose might make 
> it seem like a *good* thing to prospective customers.
> Any thoughts or experience with this?
> thanks                -- hs
> . . . . . . . . . . . . . . . . . . . . . .
> Hal Shubin
> Interaction Design, Inc.
> 617 489 6595

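Option 1 from the reply above (a reset link sent by e-mail), as an added example that is not part of the original thread. The endpoint URL, the one-hour lifetime, and the in-memory `users` and `pending` stores are assumptions made for illustration; only a hash of the token is kept server-side, and the link is single-use.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import urlencode

RESET_TTL_SECONDS = 3600  # assumed link lifetime: one hour
RESET_URL = "https://app.example.com/reset"  # hypothetical endpoint

# Constructed in-memory stores standing in for a real database.
users = {"alice@example.com": {"password_hash": "old-hash"}}
pending = {}  # email -> (SHA-256 of token, expiry timestamp)


def request_reset(email, now=None):
    """Return the link to e-mail, or None when the address is unknown.

    The caller shows the same "check your inbox" page either way, so the
    form does not reveal which addresses have accounts.
    """
    now = time.time() if now is None else now
    if email not in users:
        return None
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    digest = hashlib.sha256(token.encode()).hexdigest()
    pending[email] = (digest, now + RESET_TTL_SECONDS)  # replaces older link
    return RESET_URL + "?" + urlencode({"email": email, "token": token})


def redeem_reset(email, token, new_password_hash, now=None):
    """Store the new password hash if the token is valid, fresh and unused."""
    now = time.time() if now is None else now
    entry = pending.get(email)
    if entry is None:
        return False
    digest, expires_at = entry
    if now > expires_at:
        del pending[email]
        return False
    supplied = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(digest, supplied):
        return False
    del pending[email]  # single use: the link dies once redeemed
    users[email]["password_hash"] = new_password_hash
    return True
```

Because signup collected only an e-mail address and a password, control of the mailbox is the only proof of identity this flow relies on; no extra signup field is needed.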