
User registration usability vs security

@Odierno851

Posted in: #Registration #Security #Usability

What are cons and pros of the following:


- asking to repeat password
- asking to have a certain length-password
- asking to repeat e-mail address
- using captcha
- sending confirmation e-mail


What do you think is the best way: to have those above or not? I'm especially interested in the last one.

Take into account that it is necessary for the web-site to have the user's real e-mail address.


@Kevin317

asking to repeat password


This is good as it helps to flush out mistyped passwords. If someone types it in incorrectly this should theoretically catch it. It helps to prevent the user from being able to log in for the first time, which would certainly be a negative user experience.


asking to have a certain length-password


This is not a bad idea but isn't as helpful as you might think. If you are salting and hashing your passwords then all of your stored passwords will be identical in length in your database and (theoretically) unique, so if your DB is compromised they essentially are safe. Longer passwords only then make it harder for someone to steal if they are looking over a user's shoulder or something along those lines. Longer passwords also make it harder for users to remember their password, especially when it forces them to use one that is unique to your site (which is safer, but we all know people reuse the same passwords over and over again).


asking to repeat e-mail address


This isn't a bad thing as it makes it more likely that the user will enter their email address correctly. This is important if you have a forgot password feature that requires them receiving an email with their reset password in it or you send important emails to them as part of your service. Just keep in mind that copy and paste makes this less than 100% effective.


using captcha


Here's a good article on captchas I just read a couple of hours ago. I think it sums up captchas quite nicely. If you're trying to limit spambots from abusing your form then you should consider other options that are more user-friendly.


sending confirmation e-mail


This is good when you need to verify an email address is real and being used/controlled by the user. Otherwise it is another opportunity for the registration process (or whatever else it is you are doing) to stop or fail. Some people don't get the email, or it comes too slow, or they don't know what to do, etc.

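The confirmation e-mail step discussed in the answer above, as an added example that is not part of the original thread: a confirmation-link token that is HMAC-signed and expires, so the server can check that the link it mailed is the one that came back. SECRET_KEY, MAX_AGE and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: a random server-side secret in practice
MAX_AGE = 24 * 3600                   # assumption: links are valid for 24 hours


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    # Restore the padding stripped by _b64 before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload):
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()


def make_token(email, now=None):
    """Build the token that goes into the link sent to `email`."""
    issued = int(time.time() if now is None else now)
    payload = f"{issued}:{email.strip()}".encode()
    return f"{_b64(payload)}.{_b64(_sign(payload))}"


def verify_token(token, now=None):
    """Return the confirmed address, or None if malformed, forged or expired."""
    try:
        p64, s64 = token.split(".")
        payload, sig = _unb64(p64), _unb64(s64)
    except ValueError:  # wrong number of parts or invalid base64
        return None
    # Check the signature in constant time before trusting the payload.
    if not hmac.compare_digest(sig, _sign(payload)):
        return None
    issued_text, email = payload.decode().split(":", 1)
    current = time.time() if now is None else now
    if not 0 <= current - int(issued_text) <= MAX_AGE:
        return None
    # The caller marks the account as confirmed in its own user store, so a
    # second click on the same link changes nothing.
    return email
```

An expired token returns None, which gives the site a clear point to offer "resend confirmation" for the slow or lost e-mail cases the answer mentions.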