In early usability testing, I had a user click the Login button instead of Register and then try entering a variety of Email and Password combinations. Of course, they had no account.
I'm thinking that if they enter an invalid User ID (we use email addr right now) we'd say "there is no account with that ID, make sure you're registered".
I don't see this very often in other UIs though. And I suppose there's a risk that someone could try a zillion random email addresses until they get something other than "no user with that email".
I looked at CheddarGetter.com, for example, and they don't do that. BUT if I click the "forgot my password" and then enter an invalid User ID it'll tell me then. So if it's safe to do it in the latter, it seems safe in the former.
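The comparison in the last paragraph, as an added example that is not part of the original post: a toy model of a login form and a forgot-password form, checking whether the site as a whole tells a registered email apart from an unregistered one. The account, messages and function names are all constructed for illustration.

```python
# Constructed toy model: not code from the post or from any real site.
USERS = {"alice@example.com": "correct horse"}  # constructed sample account

def login(email, password, reveal_unknown):
    """Return the message a login form would show."""
    if email not in USERS:
        if reveal_unknown:
            return "There is no account with that ID, make sure you're registered."
        return "Invalid email or password."
    if USERS[email] != password:
        return "Invalid email or password."
    return "Welcome back."

def forgot_password(email, reveal_unknown):
    """Return the message a forgot-password form would show."""
    if reveal_unknown:
        return ("A reset link has been sent." if email in USERS
                else "There is no account with that ID.")
    # Uniform variant: same text whether or not the address exists;
    # a reset mail would only be sent when it does.
    return "If that address is registered, a reset link has been sent."

def reveals_registration(handler, known, unknown):
    """True if the handler answers differently for a registered and an
    unregistered address, i.e. the response tells the two apart."""
    return handler(known) != handler(unknown)

def site_reveals_registration(login_reveals, forgot_reveals):
    """The site discloses account existence if any one of its forms does."""
    known, unknown = "alice@example.com", "nobody@example.com"
    forms = [
        lambda e: login(e, "wrong-password", login_reveals),
        lambda e: forgot_password(e, forgot_reveals),
    ]
    return any(reveals_registration(f, known, unknown) for f in forms)

if __name__ == "__main__":
    for lr in (False, True):
        for fr in (False, True):
            print(f"login reveals={lr!s:5} forgot reveals={fr!s:5} "
                  f"-> site reveals={site_reveals_registration(lr, fr)}")
```

Only the row where both forms give a uniform answer comes out `False`; a generic login error paired with a forgot-password form that names unknown addresses discloses the same information as a login form that does.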