Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ask HN: Confirm email or password?
2 points by dmc on Sept 27, 2010 | hide | past | favorite | 4 comments
When a user is signing up to a new service(twitter, forum) the standard is that they enter their email once or twice, and their password twice.

The only company to lean away from this that I've noticed is Facebook, who have you enter your email twice and password once.

Which would you do if you were starting a project? I can understand that many Facebook users will be reusing their dictionary-word password everywhere, but I can see both pros and cons to only asking for a password once.

WWHND?



This is a great question and on that I asked myself last week. I am seeing a growing number of people register on my site and with that a larger number of rejected emails because they entered the email wrong. (Note: who ever owns gmial.com probably sees a ton of email sent their way). This made me rethink how people get registered. I think it is probably time to change gears and validate the email and not the password. Sure doing both would be better but I dislike having to double enter everything on a form.

Here is my rational for making the switch. I want users to become engaged. The fact that they are registering means I did something right that motivated them to act. I require, like many others, to validate their email and account by clicking on a link that gets emailed to them. If they never get the link they never get fully registered. I am sure a large number of users would not follow up on this. They were motivated at the time to register but that motivation might not be strong enough to persuade them to troubleshoot their registration. This results in turning a motivated user into a disgruntled surfer.

Plus if the password was wrong they can always reset it with their validated and confirmed email


https://twitter.com/signup

Username once, password once, and email address once. If by some twist of fate I enter my password wrong, they have my email address. They send a confirmation email right away, while I'm still on the signup page, so if I got my email address wrong and that confirmation bounces, I get notified, and I have a chance to correct it (since I'm logged in after account creation).


Whoops, my bad. I was running on memory there


Depends on your audience.

For a tech audience, maybe one of each is fine without confirmation. Technical users would be more careful.

For a much less technical audience (at least 50% of FB users) you can never be too careful. FB would probably ask the user 3 times each, but they'd be guaranteed that their users would then enter it once incorrectly, and may never be able to correctly submit the form.

Seriously though, it does depend on the audience, imo.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: