Sunday, November 19, 2017

registration - Should I (and how should I) use email addresses for login without validating them?


So that users don't have to remember a username, my webapp doesn't ask users to enter one (accounts are private and there are no profiles or user-generated content). However, I would also prefer not to send users a confirmation email when they sign up, since I don't use their email addresses to send them things (except when they reset their password).


However, I recognise this could lead to problems if someone signs up with the wrong email and then the person that really owns it wants to register. What is the best way to handle this?



Answer



My observation is it seems like you are trying to throw one stone at a lot of birds.


You mentioned you don't use the email address "except when they reset their password"; you in fact mean you are using it, and it is important that no user claim access to an email which they don't own. This should require an email validation.


You also mentioned you don't want users to have to remember a separate username from the email address, which seems like a worthwhile goal. You could try to integrate OAuth from other popular services like Facebook or Google as a way to reduce/simplify the process for some users, depending on their comfort level with shared sign-in.
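
Added example, not part of the original question or answer: one way to implement the email validation recommended above so that a mistyped or false signup never locks out the real owner of an address. The function names, the in-memory `accounts` store, the 24-hour expiry and the rule that a later signup replaces an unverified one are all assumptions of this sketch, and `pw_hash` is assumed to come from a password-hashing function elsewhere in the app.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: loaded from a secret store in production
TOKEN_TTL = 24 * 3600             # assumption: verification links expire after 24 hours
accounts = {}                     # email -> {"pw_hash", "verified"}; stands in for a DB table


def _sign(email, pw_hash, expires):
    # Binding the signature to pw_hash ties a token to one specific signup attempt.
    msg = f"{email}|{pw_hash}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def register(email, pw_hash, now=None):
    """Store an unverified account; return the token to e-mail to that address."""
    now = int(time.time()) if now is None else now
    email = email.strip().lower()
    if accounts.get(email, {}).get("verified"):
        raise ValueError("address already registered")
    # An unverified claim never blocks the real owner: a later signup replaces it.
    accounts[email] = {"pw_hash": pw_hash, "verified": False}
    expires = now + TOKEN_TTL
    return f"{expires}.{_sign(email, pw_hash, expires)}"


def verify(email, token, now=None):
    """Mark the account verified if the token is authentic, current and unexpired."""
    now = int(time.time()) if now is None else now
    email = email.strip().lower()
    acct = accounts.get(email)
    try:
        expires_s, sig = token.split(".", 1)
        expires = int(expires_s)
    except ValueError:
        return False
    if acct is None or now > expires:
        return False
    expected = _sign(email, acct["pw_hash"], expires)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False
    acct["verified"] = True
    return True


def may_login_or_reset(email):
    """Login and password-reset mail are allowed only for verified addresses."""
    acct = accounts.get(email.strip().lower())
    return bool(acct and acct["verified"])
```

Because the token is bound to the stored password hash, a link issued for an earlier, replaced signup cannot activate the account that replaced it.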

