Sign-up experience

20 Mar 2008 - 3:49am
vlad
2008

Someone on this list sent me to platial.com and this website gave me a few
thoughts about their sign-up process.

I do appreciate the easiness. I am only required to fill four mandatory
fields and one optional.
(Maybe instead of homebase it should say home city, for those that aren't
English natives.)

And thank God, there's no captcha and no activation email. I can use my
account right away.
I do get an email, stating, among others, that:
"If you were not expecting this email, simply ignore it, no further action
is required to terminate the request."

1. Is this process secure enough? Of course, it's easy on the users. Do you
guys do something magical behind the
curtains that we can't tell? Or I could just create a script and spam away?

2. If you were not expecting this email, simply ignore it? If another person
created an account with my email address...
I simply couldn't ignore this. I want to correct the issue, and I want
Platial to do it for me.

I also think that #1 points to a more general concern about the app's
perceived security.
What do you think? Isn't this too much of a no-hassle sign-up for the user?

Thanks.

--
--------------------------------------
http://nomorestories.com/
--------------------------------------

Comments

20 Mar 2008 - 9:56am
Mat Atkinson
2008

Vlad

At ProofHQ (www.proofhq.com) we mulled over this issue for a few
weeks and tested various options.

We ended up with just six fields and did away with Captcha. However,
we are still not sure about granting instant access. Confirmation of
email ownership is important to prevent users squatting other
people's addresses.

Thoughts on this would be welcome, as it is a "clunk" in the
process.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Posted from the new ixda.org
http://www.ixda.org/discuss?post=27398

20 Mar 2008 - 11:01am
Jeff Howard
2004

I think the context is important here. This isn't financial or
medical; it's a social-mapping website. Is it secure enough for what
they're doing? Probably. Platial's signup process seems to be in
line with a whole raft of other social websites that value
instant-access over identity verification.

You may be overthinking the security loopholes more than the average
user. There's a whole class of people who can't write their own
spambots. It's a delicate balance. How to reassure skeptics (you)
without planting the question in the minds of people who hadn't
considered that it might be insecure?

// jeff


21 Mar 2008 - 12:33am
Michael B. Moore
2008

Just today I had to use a registration process that was so abysmally bad
that I felt I needed to share. I'm one of the (apparently many) people here
who've switched from Mac to PC and one of my clients requires a Cisco client
to access their VPN.
So I head over to Cisco.com to find out if they have a Mac version. Click on
Support, then click on Download Software, then click on VPN software. So
far, so good.

Uh-oh, I have to register before I can find out if they have what I want.
Well, OK, I need it for work. But I have to pick now between "Registered
Guest" and "Registered Customer". Hmmm. Guest sounds faster, so I choose
that.

I click the Register Now button and I get a drop down list of languages next
to a "Choose Language" label. Then my name, email, email again, and...
another dropdown for "Language Preference". What?? Didn't I just answer
that?

Now they want a user name, but instead of being able to use my regular one,
they require it be at least 9 characters (but no more than 50 - now who has
a 50 character user name?)

Then there's a bunch of stuff letting me choose not to be spammed. So I say
"no" to all the emails they so generously want to send me, and I leave the
email preferences (HTML or text) choice blank - because I don't want any
email. But no, email format preference is required. Argh.

On to Page 2 of 6 (sigh). Enter my address, my phone number, my job role.
Weirdly I have to enter my country as part of my address, and then select my
country code as part of my phone number. I don't know about you, but my
phone is typically in the same country as me. Is this a computer company?
Can they look this stuff up? Next...

Page 3 of 6 - My "Interests and Preferences". Right now I would prefer not to
have to deal with this dumb registration process. Oh look, they're asking me
what language I prefer. Didn't I answer that twice before? Happily there is
a Skip this Step button at the bottom.

Page 4 of 6 - Two security questions. Ok, I fill out one and click Submit.
But oh, no. They say I must fill them both out. I guess I might forget the
name of my first pet and have to fall back to my favorite car.

Page 5 of 6 - fill out your password. OK, I enter in my usual password for
stuff I don't care about. Nope, I read the rules and (no kidding) here's
what they require:

- a minimum of 8 alphanumeric characters
- both upper and lowercase characters (a-z, A-Z)
- at least one numeral
- have at least one symbol (!@#$%^&*)

At this point I give up in disgust. I am a beaten man. There's just no way
their crummy VPN client software is worth this. I'll use the old PC for
getting access.

And that, my friends, is how to design a registration process so secure, so
Byzantine that you'll never be bothered by those pesky users ever again.

Thanks for letting me get that off my chest.

--
Michael B. Moore • Pure InfoDesign • 415.246.6690 M • www.pureinfodesign.com

21 Mar 2008 - 11:42am
vlad
2008

Jeff: right. Thanks for pointing this out. I agree. They probably do a good
job blocking spam behind the doors... Your question still remains, though
(how to convince skeptics), and I can't think of a better solution than some
sort of disclaimer or something.

Michael: so very interesting. People should definitely check this signup
form: http://tools.cisco.com/RPF/register/register.do
Because you are doing it so much injustice!
First of all, it is huge and unnerving. And it gives you a hint about this
only being step 1. There is no "of 6", as you said, so I have no idea that I
will need to go through 5 more steps. (They were smart here, if they had
indeed written step 1 of 6, I would've given up right from the start)
Right. Step 2 of 6. Now they tell me. I quit, sorry. No, I'll push through.
I skip #3. Good. Step 6 is the email activation. It starts blatantly with
CLICK HERE.
Good, I'm logged in.

Michael, you've been one step away from Cisco heaven. Which is one humongous
profile manager (doh!) Sorry, you lost the best part :)
On a more serious tone, this is not so "secure" as it is irritating. The
only secure thing is the old-style email activation. Now I'm more convinced
that Jeff is right.

P.S.: Yes, you do have to choose language twice. On the first page. Amongst
the first 5 form fields. Can't miss it. Can't skip it, either.

--
--------------------------------------
http://nomorestories.com/
--------------------------------------
