CHI-WEB Archives

ACM SIGCHI WWW Human Factors (Open Discussion)

CHI-WEB@LISTSERV.ACM.ORG
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Condense Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Sender:
"ACM SIGCHI WWW Human Factors (Open Discussion)" <[log in to unmask]>
X-To:
Hal Shubin <[log in to unmask]>
Date:
Wed, 15 Oct 2008 11:08:16 -0400
Content-Disposition:
inline
Reply-To:
Matthew Dull <[log in to unmask]>
Subject:
Re: Password recovery
From:
Matthew Dull <[log in to unmask]>
Content-Transfer-Encoding:
7bit
In-Reply-To:
<[log in to unmask]>
Content-Type:
text/plain; charset=ISO-8859-1
MIME-Version:
1.0
Parts/Attachments:
text/plain (66 lines) 
Hi Hal,

Password retrieval should be handled by allowing visitors to enter
their email address and then have a link to change their password sent
to them via email.  That way only the person who has access to the
address can change the password; a stranger who uses your email
address can't change your password because they can't access your
email account.  Sending a link via email is also better than just the
pure password, because then nothing can be intercepted while the
password-change process is underway.

Does that answer your question?

-- Matt Dull
Usability Auditor
[[ ForeSee Results, Ann Arbor, MI ]]


On Tue, Oct 14, 2008 at 3:40 PM, Hal Shubin <[log in to unmask]> wrote:
> When you want people to sign up for a free trial of a Web application, you
> want the signup process to be as quick as possible. Email address and
> password (plus password confirmation) seems the be the least amount of
> information.
>
> But, what happens when that user has to recover her password? Because the
> signup didn't ask for any sort of security information, how can we verify
> that it's the right user? We need some other information, but that makes
> signup longer.
>
> This seems trivial (just ask for the customer's first pet's elementary
> school principal's favorite color), but I'm sure the Marketing folks will
> balk when I suggest adding to the nice, short signup process.
>
> I thought of the explanation Staples.com gave when they started asking for
> ZIP/Postal codes before showing products: we can serve you better if we know
> where you live, and know what stores and products are nearby (or something
> like that, and they don't seem to do it anymore). If we do ask for a
> security token, explaining the purpose might make it seem like a *good*
> thing to prospective customers.
>
> Any thoughts or experience with this?
>
> thanks                          -- hs
>
> . . . . . . . . . . . . . . . . . . . . . .
> Hal Shubin
> Interaction Design, Inc.
> 617 489 6595
> www.user.com
>
>   --------------------------------------------------------------
>   Tip of the Day: Use the archives to research common questions
>    CHI-WEB: www.sigchi.org/web POSTINGS: mailto:[log in to unmask]
>             MODERATORS: mailto:[log in to unmask]
>      SUBSCRIPTION CHANGES & FAQ:  www.sigchi.org/web/faq.html
>   --------------------------------------------------------------
>
>

    --------------------------------------------------------------
    Tip of the Day: Suspend your subscription if using auto replies
     CHI-WEB: www.sigchi.org/web POSTINGS: mailto:[log in to unmask]
              MODERATORS: mailto:[log in to unmask]
       SUBSCRIPTION CHANGES & FAQ:  www.sigchi.org/web/faq.html
    --------------------------------------------------------------

ATOM RSS1 RSS2