CHI-WEB Archives

ACM SIGCHI WWW Human Factors (Open Discussion)


Options: Use Classic View

Use Proportional Font
Show Text Part by Default
Show All Mail Headers

Topic: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Matthew Dull <[log in to unmask]>
Wed, 15 Oct 2008 11:08:16 -0400
text/plain (66 lines)
Hi Hal,

Password retrieval should be handled by allowing visitors to enter
their email address and then have a link to change their password sent
to them via email.  That way only the person who has access to the
address can change the password; a stranger who uses your email
address can't change your password because they can't access your
email account.  Sending a link via email is also better than just the
pure password, because then nothing can be intercepted while the
password-change process is underway.

Does that answer your question?

-- Matt Dull
Usability Auditor
[[ ForeSee Results, Ann Arbor, MI ]]

On Tue, Oct 14, 2008 at 3:40 PM, Hal Shubin <[log in to unmask]> wrote:
> When you want people to sign up for a free trial of a Web application, you
> want the signup process to be as quick as possible. Email address and
> password (plus password confirmation) seems the be the least amount of
> information.
> But, what happens when that user has to recover her password? Because the
> signup didn't ask for any sort of security information, how can we verify
> that it's the right user? We need some other information, but that makes
> signup longer.
> This seems trivial (just ask for the customer's first pet's elementary
> school principal's favorite color), but I'm sure the Marketing folks will
> balk when I suggest adding to the nice, short signup process.
> I thought of the explanation gave when they started asking for
> ZIP/Postal codes before showing products: we can serve you better if we know
> where you live, and know what stores and products are nearby (or something
> like that, and they don't seem to do it anymore). If we do ask for a
> security token, explaining the purpose might make it seem like a *good*
> thing to prospective customers.
> Any thoughts or experience with this?
> thanks                          -- hs
> . . . . . . . . . . . . . . . . . . . . . .
> Hal Shubin
> Interaction Design, Inc.
> 617 489 6595
>   --------------------------------------------------------------
>   Tip of the Day: Use the archives to research common questions
>    CHI-WEB: POSTINGS: mailto:[log in to unmask]
>             MODERATORS: mailto:[log in to unmask]
>   --------------------------------------------------------------

    Tip of the Day: Suspend your subscription if using auto replies
     CHI-WEB: POSTINGS: mailto:[log in to unmask]
              MODERATORS: mailto:[log in to unmask]