

User account creation re-imagined [video] - stefan_kendall
http://www.stefankendall.com/2013/02/user-account-creation-re-imagined.html

======
MiguelHudnandez
"Unable to display content. Adobe Flash is required."

I had a small chuckle--I hope that's not the future of signup pages.

Here's a description of the video, for those on their phones or flash-impaired
devices:

When requiring an account, have only two fields, username and password. Auto-
generate both randomly and show them both in plain text. If the user changes
the password, save that -- it's their new password. They can enter it on
another device. Likewise, if they change the username, save that change.

If they change both username and password to an existing and valid combo,
consider that switching users, and I suppose you perform a logout and log in
with the new credentials. (This is where it gets a little muddy, in my
opinion.)

~~~
hayksaakian
<http://www.imgur.com/njew43E.png>

:-(

------
pedalpete
I don't understand how this helps the user.

You're assigning a username and password to them. Are they going to take the
action to change it to something they will remember? If not, how will they
retrieve it when they forget? How is any of this an improvement?

------
lwf
This fails the "don't make me think" test. You're taking something that needs
no explanation ( a registration form ) and making its functionality entirely
unobvious.

------
shawnc
I like this idea. It make s alot of sense in the 'app' world, where one
doesn't want to type much, where they just want to 'check it out', and where
they don't constantly log in anyway. No email address needed either.

------
lwhalen
Please, please, PLEASE don't store user's passwords in plaintext on the
backend...

~~~
Nikolas0
That's what I thought too. I guess it wont be hard though to just put
asterisks there and store it in md5/sha1. On the other hand allowing the user
to change password without knowing the old one it's another security risk, so
this is not probably for every app or it needs some work to get done right.

~~~
stefan_kendall
You can only change the password for the current user. If someone gets access
to your phone, they can change your password, so this doesn't work for, say, a
bank.

If the physical security of the phone is your security, however, this seems
like a reasonable level of trust.

There are many apps, like mine, that have non-sensitive data that just needs
an account for persistence or extra-app activity.

You could adjust this to require the current password instead of showing it,
but in my case that's an unnecessary level of effort. You could still get by
with two input fields, I think.

