I can't say how many accounts I have on the Internet. Based off of how many accounts I have created it would seem that I at least create 2 accounts per day. That is a lot of accounts per month and per year. Reason for doing this is because I am always out on the look for new software and new products. I want to find products that could help me become a little more efficient in my everyday life. I also take a lot of these products and see how I could possibly build something better. So from that backstory, I keep finding sites that have some very messed up practices for registration forms.
I understand that people don't want to input a ton of data when signing up for a service. I completely understand why that would be an issue. You want to have a site that has a good signup and retention rate. However I know of a way to lose customers very quickly.
Single password fields on registration forms.
If the problem is not apparent right off the bat lets keep going. Now, not all sites that implement this method do it wrong. I have had some sites email me my password, which is nice but I would still say it isn't preferred. The biggest risk is having your email compromised and if you didn't change that password, the intruder now has access to what site that password belongs to and what the password is. Although having your password emailed to you for validation might be a good thought at first, it would better to know that a password is wrong before submitting it to the server. As for sites that don’t do any kind of confirmation, then what are you thinking?
I type my password incorrectly frequently, trying to login or even registering on a new site. So not having a confirm password box and or having it emailed to the user blows my mind. A non-confirming email field makes a little more sense because you can see the content of the field, but a password box should be masked, so not confirming it in some fashion doesn't make any sense in my mind.
I have been searching the web for some time trying to find any good reasons for this and I haven't found any reasons that have satisfied me.
We should only have the user type in the password once but make sure the forgot password system is working seamlessly.
Really? I know that password managers a something people should be using but not everyone does. There are a lot of people who still type out their passwords and not everyone types their passwords perfectly.
We should only have the user type in the password once but make it so the user can toggle previewing the password field
This is more acceptable. I would not have an issue with this, however there are a lot of sites that don't do this regardless.
Only having an email field for registration and letting the server generate a password they can change later.
This is also acceptable. If you are wanting simple, there is nothing simpler than one contact field. As long as you confirm the password when they try to change it.
I am ok with 3 fields; I am even ok with 4-5 field registration forms. I tend to be more hesitant when it comes to 7+ fields. If you don’t require my mailing address immediately, then don't ask for it. If your app requires it, wait until I return to confirm my email. I am not most consumers but I would rather come back to the site when I have more time to invest duplicating my address and other personal information into your database.
What do you think?