Thursday, 12 June 2014

eMail-only registration

Today, I read a blog post named "People (understandably) hate to register".

I must admit that there is some truth in it, and the idea of sparing people from registration is compelling. But there are also some cases where you definitely need some way to ensure that the people who use the service bring some form of "commitment" with them.
One such example is online games that are played highly cooperatively. If you just let everybody "drop in" and play a little (like in social games), the game experience for the other players could be ruined very fast.
So, in such cases, a registration is one way to find only people who really want to play (instead of simply trying a little bit).

But there could also be a different approach to alleviate the hassles of registration.
One thing I hate is that I always need a new password, and when I log in to different sites I have the trouble of always remembering or managing my passwords for those sites.
So, why not look at the problem from that side? Why not let people register with just their eMail address ... nothing else (for the moment, of course; later you also want nicknames to use inside a game or so, but for registration purposes, let's just say we want the eMail).

Several services already don't require you to log in to the system with username and password every time. They just store a cookie in your browser, and as long as it is valid (from several hours up to days or weeks), you don't need to log in again. There is only one exception: when you want to make major changes, like changing the account password or eMail address, you have to enter the old password again for verification's sake. That is of course a sensible idea, since otherwise anybody who has access to your browser could easily capture your account and lock you out.
Now, why use a password at all, since password management is already a burden for people? Everybody has an eMail address, and for services that you have to be committed to, it makes a lot of sense to give one.

So the mechanics would look like this: the new user enters his eMail address and the system sends a confirmation mail to that address. Inside is of course a link that must be clicked by the new user. When he does, the eMail address is confirmed and a long-lasting cookie is stored in his current browser.
Now he will be logged in to the system automatically every time he accesses the web site with the same browser. When he wants to use multiple browsers (for example one on his mobile phone), he must request further confirmation mails, since a confirmation link is always a one-use-only link. This is to prevent misuse if somebody else gets a copy of a confirmation mail.
Also, when he wants to make vital changes to his account, like changing his eMail address, a confirmation step is needed. But that could be simplified somewhat: just make the changes you want, and when they are submitted on the web site via a submit button, a message will come up saying that the changes must be confirmed a second time by clicking a confirmation link that is mailed to the old eMail address.
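
A minimal server-side sketch of this flow, added here as an illustration and not taken from any existing service. The class name `MagicLinkStore`, the 15-minute link lifetime and the in-memory dictionaries are assumptions; the scheme above only requires that a link works once and that each browser gets its own cookie.

```python
import hashlib
import secrets
import time

LINK_TTL = 15 * 60  # assumption: a link expires after 15 minutes (no lifetime is given above)


class MagicLinkStore:
    """Hypothetical in-memory store; a real service would use a database."""

    def __init__(self):
        self.pending = {}   # sha256(link token) -> (email, expires_at)
        self.sessions = {}  # sha256(cookie value) -> email

    @staticmethod
    def _digest(value):
        # Only digests are stored, so a leaked table cannot be replayed as links or cookies.
        return hashlib.sha256(value.encode()).hexdigest()

    def request_link(self, email, now=None):
        """Create the token that is mailed inside the confirmation link."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self.pending[self._digest(token)] = (email, now + LINK_TTL)
        return token

    def confirm(self, token, now=None):
        """Redeem a link; returns the cookie value for this browser, or None."""
        now = time.time() if now is None else now
        # pop() removes the entry on first use: a copied mail cannot be replayed.
        entry = self.pending.pop(self._digest(token), None)
        if entry is None:
            return None
        email, expires_at = entry
        if now > expires_at:
            return None
        cookie = secrets.token_urlsafe(32)
        self.sessions[self._digest(cookie)] = email
        # Send this value with the Secure and HttpOnly cookie attributes.
        return cookie

    def whoami(self, cookie):
        """Map a presented cookie back to the confirmed eMail address."""
        return self.sessions.get(self._digest(cookie))
```

Each additional browser calls `request_link` again and receives its own cookie, so a single device can later be logged out by deleting one entry from `sessions`.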

The whole mechanism has just one drawback: when you lose access to your eMail address somehow, you will also totally lose access to your account, at least when you change your browser. But of course, many services today rely on just one eMail address as the last-resort access.

But for those who want to be safer, or for people who are more traditionally minded, it would be possible to optionally offer a normal registration or the option to create some kind of "rescue password" inside the account management.

1 comment:

  1. Hi MOT,

    thank you very much for your comment. I think that I will use such a scheme in our strategic online game that will be available soon. I will look at your project to see if it could be helpful for us.

    Best Regards,
    /juergen
