Re: [ia-55] Should you force a log in after initial sign up?

From: Gilbert C.
Sent on: Monday, January 7, 2008 10:24 AM
Other scenarios have to be taken into consideration as well... what if the system needs to validate that the email is a valid one before granting the user access to the application? We know that nowadays there are lots of bots trying to hit newcomer services down; for that reason there have been a lot of these security thresholds that try to put a stop to it.

With that said, I've seen services that, even though they provide access to their app right away after signing in, only grant this access for some hours before the user validates their credentials, after which the login becomes locked.

I think you should review all alternative scenarios before deciding the way to go; there could be more than one accurate approach.

My 2 cents,

- Samiq.

On Jan 7,[masked]:00 PM, Alexis < [address removed]> wrote:
I agree with Josh that it's a matter of security and that everyone should have some input as to how secure a site must be and it should not be left to only the engineers to decide. It totally depends on what kind of site it is, for example fidelity.com would require more steps while popsugar.com wouldn't. You just need to find the right balance between making the user do things that are needed for the specific site.. and no more.
 


Josh Schoenwald <[address removed]> wrote:
As to why some sites make you enter your new login credentials after you just registered.... maybe they overlooked the opportunity to bring you in automatically? Or, there may be technical constraints that they're not willing to overcome.

--weston thompson


Another reason for this, I think, is likely over-cautious engineers. In my experience, engineers often have very acute ideas of how systems like this should be designed, especially when it comes to gaining access to them. I believe there is a strong tendency to put much of the security burden on the development team since they are the ones building the system. I have had to make numerous design concessions in this arena over the years based on what the engineering experts said was 'more secure' when the security improvement was minimal compared to the gain in ease of use. I've found that almost without exception, the ruling goes in favor of 'more security.' I'd guess this is probably a combination of the fact that often those who make these decisions don't fully understand UX design, meaning they are reticent to fully embrace it (though they often harp on its importance), and also the knowledge that security always sells to the higher-ups.

Of course, that's not to say that engineers should always be ignored (though sometimes we wish we could...); safety is nothing that should be taken lightly and nobody likes being blamed for a security lapse, so you can understand how engineering can justify their cautiousness. On this issue for them, I feel perhaps there's something satisfying about always knowing that when someone is logged in, the very last thing they did was enter their username and password.

-josh


On Jan 7,[masked]:49 AM, Ben Hayes <[address removed] > wrote:
Just wondering what people think about this:

When you first sign up for an account on a website, usually you are
directed to log in with your newly created account.

However, this doesn't seem 100% user-friendly. If I've just entered my
details, selected a password, etc, then why not log me in automatically?

I guess there is a benefit to forcing the user to 'try out' the new
login details before first use. Is that the main reason why sign-ups
don't usually result in automatic logins? Or is it technical laziness?
(Obviously I'm not talking about cases where the email address needs
to be confirmed before login is allowed).

Ben.

BTW: if this post isn't really on-topic for the 'meetup' list,
sorry... let me know and I'll post it somewhere else.




--
Please Note: If you hit "REPLY", your message will be sent to everyone on this mailing list ( [address removed] )
This message was sent by Ben Hayes ([address removed]) from The Los Angeles User Experience Meetup.
To learn more about Ben Hayes, visit his/her member profile: http://ia.meetup.com/55/members/4379367/
To unsubscribe or to update your mailing list settings, click here: http://www.meetup.com/account/?tab=comm

Meetup.com Customer Service: [address removed]
632 Broadway New York NY 10012 USA









--
_______________________________
Gilbert A. Corrales-Villalobos