A couple of weeks ago, I wrote that DeviantArt are getting web-site registration completely wrong by asking for the email address (which you can see as you type it) to be repeated, but not requiring confirmation of the password (which you can’t see).
The DeviantArt people have evidently thought this through, and realised that a mistyped password (like a forgotten one) can be recovered so long as the email address is good. So it makes sense that the email address is more in need of confirmation than the password.
The question is, why did I assume their design was stupid?
Surely it can’t be just because every other site does it differently?
I fear it really is that simple. I’m a fashion victim. And it’s worse than that: not only did I assume the DeviantArt design is wrong without thinking it through, I have personally implemented the single-username double-password registration pattern in at least three different code-bases, again just following what everyone else was doing.
I find that disturbing. I wonder how many other bad design decisions I’ve been following unthinkingly?