I had an idea for reducing abandonment. It is normally pretty easy to detect a collision between an old account and a new one. They will have much of the same personal info associated with it, if your site collects that info. So, if two William Bralls from the same city and state show up, you could offer on creation a list (hopefully a single) of accounts that seem to be that person based on collected data.
Then you allow that person to pick from a selection of options, say:

- That's ME! Remind me how to log into it!
- That WAS me, let's delete the account!
- That is me, and I want to keep both!
- That isn't me...

Possibly others. So long as they mirror existing systems for recovering passwords and accounts. Most sites have a 'send you your password/login' system. That could be used to send the other account their login info, assuming the account creation process has provided the same level of knowledge about the old account by accident as the password recovery system requires through choice. (Such as entering the e-mail address associated with the account, or the username, or both.)

This could be taken to any extreme imaginable. So long as the hinge is the old account, and the new account is destroyed when the user logs back into the old account. That account is also alerted that this has happened, in case it was an attempt to gain access. But it would be just as secure as your existing system was.

------

I find it is much more of a drag to have to remember a password than it is to remember a handle. Most people fall into using something regular. This e-mail and this handle with these additions if it is taken. The password tends to be the big one, especially with any kind of 'stay signed in' option. I could figure out how to log into Amazon if I lost my cookie... But that password is from at least half a decade ago, I don't know what it would be. I would have to guess.

Moreover, I find most passwords that lock you out after so many attempts have a crazy low number for when to lock out. The only reason I can think of to do this is so someone who knows the user has a better chance of guessing the password. However, I see it used mostly in situations where the user has had to jump through a million hoops to make that password, rendering it very hard to guess. Unless the rules are so strict that the user uses the same password with 0 to 9 after it... In which case the hacker gets 3 chances. So you now have a password with, under the right conditions, about a 1 in 3 chance of being broken... Lovely. Why set this to 3 guesses? Why not 10?

I would much rather worry about this problem than e-mail/login... which has an obvious solution. Let the user pick which to use when they sign on. Gives them double the chance to manage to log in...

Posted from the new ixda.org
http://www.ixda.org/discuss?post=37879
