CHI-WEB Archives

ACM SIGCHI WWW Human Factors (Open Discussion)


Options: Use Classic View

Use Proportional Font
Show Text Part by Default
Condense Mail Headers

Topic: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Sender: "ACM SIGCHI WWW Human Factors (Open Discussion)" <[log in to unmask]>
X-To: Hal Shubin <[log in to unmask]>
Date: Wed, 15 Oct 2008 17:21:45 +0100
Content-Disposition: inline
Reply-To: Tom Coombs <[log in to unmask]>
From: Tom Coombs <[log in to unmask]>
Content-Transfer-Encoding: 7bit
In-Reply-To: <[log in to unmask]>
Content-Type: text/plain; charset=ISO-8859-1
MIME-Version: 1.0
Parts/Attachments: text/plain (96 lines)

Some good answers so far, and I agree with them all.

You can offer a lot before asking for anything.

1 - Someone can try it out immediately, no login, nothing. Make a temporary
user, make some guesses about location or whatever else your app needs to
know to get going.

2 - The person can even return time and again on the same machine if you set
a cookie.

3 - If they want to go to it on another machine, then they need to create a

At the point of wanting to progress from step 2 to 3, the user has quite a
relationship with the app already, so registration is a small ask at that

Check out  They handle this very well.

Some other thoughts ...

those security questions are far from perfect.  Take me ... I've never had
pets, no idea who my elementary school principal was, and my favourite
colour is very guessable.  Most of the other questions I avoid becuase I
would type them differently each time e.g. do I type "St" or "Saint" at the
beginning of my first school?

Finally, when you do need to achieve login, why not allow Open id or similar
(yahoo's version, i think facebook do it now too).

And I agree with Filipe, the case you're trying to avoid with the extra bit
of info is not worth worrying about.  If someone wants to retrieve their
password, they need to make sure they've given you the right email.  And
there's no real malicious use case of putting someone else's address in.


2008/10/14 Hal Shubin <[log in to unmask]>

> When you want people to sign up for a free trial of a Web application, you
> want the signup process to be as quick as possible. Email address and
> password (plus password confirmation) seems the be the least amount of
> information.
> But, what happens when that user has to recover her password? Because the
> signup didn't ask for any sort of security information, how can we verify
> that it's the right user? We need some other information, but that makes
> signup longer.
> This seems trivial (just ask for the customer's first pet's elementary
> school principal's favorite color), but I'm sure the Marketing folks will
> balk when I suggest adding to the nice, short signup process.
> I thought of the explanation gave when they started asking for
> ZIP/Postal codes before showing products: we can serve you better if we know
> where you live, and know what stores and products are nearby (or something
> like that, and they don't seem to do it anymore). If we do ask for a
> security token, explaining the purpose might make it seem like a *good*
> thing to prospective customers.
> Any thoughts or experience with this?
> thanks                          -- hs
> . . . . . . . . . . . . . . . . . . . . . .
> Hal Shubin
> Interaction Design, Inc.
> 617 489 6595
>   --------------------------------------------------------------
>   Tip of the Day: Use the archives to research common questions
>    CHI-WEB: POSTINGS: mailto:[log in to unmask]
>             MODERATORS: mailto:[log in to unmask]
>   --------------------------------------------------------------

Tom Coombs
+44 (0) 7968 151198

    Tip of the Day: Suspend your subscription if using auto replies
     CHI-WEB: POSTINGS: mailto:[log in to unmask]
              MODERATORS: mailto:[log in to unmask]