Getting website registration completely wrong

I just got a Google alert that someone going  by the name of Teratophoneus on DeviantArt did rather a nice drawing of Brontomerus, one of the dinosaurs I co-described and named:


I wanted to leave an appreciative comment on the picture’s DeviantArt page, so I clicked through the “Join deviantART for FREE” link only to confronted with this registration form:


I wish I knew how this idiot trend of “Retype Email Address” got started (or CTRL-C, Tab. CTRL-V as I think of it). It violates one of the most fundamental principles of UI design: “Every time you require a human user to tell a computer things that it already knows or can deduce, you are making a human serve the machine“.

But if there is ever any point in making users retype anything, then that thing is the password — because it’s not displayed as you type it. When I enter an email address I can see that it’s right; but when I enter a password, I can’t. If I make a typo, then it will pass unnoticed and I won’t be able to log in. The only purpose of “Please re-enter” is to provide a check that I didn’t make a typo in an invisible field.

So what on Earth are we to make of a registration form that makes me enter my visible email address twice and my invisible password once?

28 responses to “Getting website registration completely wrong

  1. You might have a password recovery function, so as long as your email is good you can recover your account.
    what will you say otherwise when you forget your password 2 week later ?

  2. And then you have to figure out an unreadable Captcha rather than a way simpler Turing test…
    And then you have to activate your account via confirmation emails…
    And then they spam you for ever…

  3. when you register at nike+ website, you must enter a password that has at least one capital letter :(
    they are insane or paranoid :(

  4. Ha. This humble post is currently top of Hacker News. I did not see that coming. I guess it taps into a rich vein of frustration.

  5. I disagree with this post. What if the user types in their email and doesn’t ‘see’ that they’ve mispelt their email address, then they’ll think the site is crap when it doesn’t deliver their signup verification or even worse order confirmation email to their inbox, because they were crap and got their own email wrong? By forcing users to retype the email address, it ensures that it is 100% correct and important emails will definitely get delivered…

  6. some user will make a typo error so the server can’t send the right email. but if you enter a wrong password but right email address, that’s ok, because there is a password recovery function.

    and the webmaster may want to deliver something to the user by email.

  7. I don’t see how forcing users to type CTRL-C, Tab, CTRL-V is going to make them any more likely to have typed their email address correctly.

  8. The point in this practice is that if you screw up your email address, you have no way of recovering your password if you forget it – thus the email can be seen more crucial than the password. Though I think it would be more effective just to ask if the email is really correct in the end of the form.

  9. You are forgetting users who have difficulties on writing or reviewing their email address, especially elderly people. They will not recognise that they made a typo and mostly they also don’t know well how to use copy and paste. Letting people write them twice their email will result in a higher chance that typos will be recognized and corrected.

  10. while I agree with the overall premise, I’m going to go out on a limb and assume there is a correlation between users that can even grok what you mean by C-c \t C-v and users that actually verify what they typed before copy/pasting….

  11. In my limited experience with this issue lots of common users are just bad at filling out their email correctly on the first shot. In fact within our target demographic (customers ages 40+) roughly 1 in every 8 users seemed to misspell their own email address. The larger issue here for us was that some of those same customers would come back to the site after a few days and not realize why they couldn’t login or even reset their password despite already creating an account with us. This would often result in frustrated customers calling us telling us our website is broken… These days we make sure we confirm their email. I can’t say for sure but I imagine that even people who copy paste are more likely to catch an error when they’re required to confirm their email address.

  12. As Randall Munroe puts it:

  13. As the owner of an ecommerce store – we get a few people each week who misspell their email then follow up a week later asking for the confirmation and tracking, which were sent to the wrong email. Its a time waster, not to mention the “bounced mail” spam web servers send.

    Our solution was to display their email in a large bold font on the checkout success page so that they can hopefully see it was misspelled and contact us.

  14. Just use a social login. Let social service care about passwords and emails.

  15. Intention was good except for allowing ctrl+c and ctrl+v. May be its a bug.

  16. Any website of any significance aimed at Joe Public understands the pain, suffering and lost hours helping users recover access to their accounts due to mistyped email addresses. anything that reduces this error upfront pays back hugely. on mobile devices, this is even more important.

  17. I can see the frustration, but I disagree that this is completely wrong. I’ve run several online stores and written several e commerce platforms. Users type their email wrong A LOT. This isn’t something that happens a few times a month, I would estimate 10-20% of people type their email wrong then complain when their confirmation emails don’t arrive. For whatever reason people seem to pick complex email addresses anyway they have difficulty typing and remembering. I went to the double email confirmation box a long time ago and this basically solves the issue completely.

  18. Well, it’s not that hard to grasp. As long as you can be sure the address is valid the “forgot password” function will work.

  19. Erik Johansson

    Only allowing [a-z@.-] in email address field is the same thing, you want people to put in the correct email address.

  20. Then there are websites using script to disable copy-paste, and you have to disable script just to fill the email fields, but sometimes the form will fail because it requires javascript to be enabled to work.

    @watzupmark, you got it all wrong. Not only copy-paste will ensure the typo will be there twice but a signup verification email is totally unnecessary to the registration process. what if people don’t have an email address ? Anyways if the typo in before the @ it will work nonetheless as the address is created on the fly by the disposable email I use to register to such websites.

    I would even go as far as asking why is it required to give an email address to register to a website ? It should be optional for those who want to be able to use a password recovery feature and even then it could be done with an instant messaging account, gpg public key or in many other ways.

    PS: funny thing is an email is required to actually post a comment here for no reason relevant to the user.

  21. Pingback: Password confirmation vs. email confirmationPQ User Experence | PQ User Experence, PasteQuery is a question and answer site for user experience researchers and experts

  22. On a Magento site I run that doesn’t require email re-typing I get invalid emails all the time. Typing it twice isn’t a problem imo.

  23. I must say that it makes perfect sense to confirm the email address, let’s face it, most people do have difficulties spotting typos ’cause they’re busing staring at the keys while typing. Those are also the people who do not know about clipboards, let alone keyboard shortcuts. I stopped counting the enraged customers that accused me of being rude after I couldn’t reply to their contact enquiry because they got their email address wrong. Now I make them confirm the addresses and everybody’s happy.

  24. I think the best way to do this is to ask for an email address – once, and only an email address – then send out the the confirmation email to proceed with registration. Nothing can go wrong, you’re guaranteed the email’s good.

  25. Pingback: … Or maybe they’re doing web-site registration completely right | The Reinvigorated Programmer

  26. I guess my previous comment wasn’t posted – it wanted me to log in again… Ok, so I think that all personal data should be input twice – fat fingers are not uncommon in this digital (sic) era… :-)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.