

Ask HN: Confirm email or password? - dmc

When a user is signing up to a new service(twitter, forum) the standard is that they enter their email once or twice, and their password twice.<p>The only company to lean away from this that I've noticed is Facebook, who have you enter your email twice and password once.<p>Which would you do if you were starting a project? I can understand that many Facebook users will be reusing their dictionary-word password everywhere, but I can see both pros and cons to only asking for a password once.<p>WWHND?
======
jpmc
This is a great question and on that I asked myself last week. I am seeing a
growing number of people register on my site and with that a larger number of
rejected emails because they entered the email wrong. (Note: who ever owns
gmial.com probably sees a ton of email sent their way). This made me rethink
how people get registered. I think it is probably time to change gears and
validate the email and not the password. Sure doing both would be better but I
dislike having to double enter everything on a form.

Here is my rational for making the switch. I want users to become engaged. The
fact that they are registering means I did something right that motivated them
to act. I require, like many others, to validate their email and account by
clicking on a link that gets emailed to them. If they never get the link they
never get fully registered. I am sure a large number of users would not follow
up on this. They were motivated at the time to register but that motivation
might not be strong enough to persuade them to troubleshoot their
registration. This results in turning a motivated user into a disgruntled
surfer.

Plus if the password was wrong they can always reset it with their validated
and confirmed email

------
devmonk
Depends on your audience.

For a tech audience, maybe one of each is fine without confirmation. Technical
users would be more careful.

For a much less technical audience (at least 50% of FB users) you can never be
too careful. FB would probably ask the user 3 times each, but they'd be
guaranteed that their users would then enter it once incorrectly, and may
never be able to correctly submit the form.

Seriously though, it does depend on the audience, imo.

------
byoung2
<https://twitter.com/signup>

Username once, password once, and email address once. If by some twist of fate
I enter my password wrong, they have my email address. They send a
confirmation email right away, while I'm still on the signup page, so if I got
my email address wrong and that confirmation bounces, I get notified, and I
have a chance to correct it (since I'm logged in after account creation).

~~~
dmc
Whoops, my bad. I was running on memory there

