Are you thinking of building a community website that accepts people as members and requires folks to login under self created usernames and passwords? Well listen up developers.

Registration is a pain in the ass and it’s a huge barrier to entry for some folks, including me. I’m starting to loath all the unnecessary questions.

Don’t make me tell you anything personal because I wont do it. I won’t ever tell you my real name, my real address, my postal code, or my phone number. And I definitely will NEVER tell you my birthday.

So why ask? Don’t make these fields mandatory or I will lie about everything and enter my address as 123 Penis St, Bumhole Town. My online birthday is Jan 1st 1970.

Smojoe has a huge online footprint. With over two hundred accounts on two hundred different social networks, article indexes, blog communities and discussion forums, there’s a lot to protect. This is my entire accomplishment.  Identity theft? Nope. None of these profiles are created in my real name, or contain any personal data that could lead to theft of any kind… except reputation … and the corrosion of social capital.

Smojoe’s User Registration Page Peeves

If I go try and register a username like ‘Jack’ and the website comes back to tell me that my handle must be at least six characters, then I will register ‘jackie’ and then it comes back and says it must have 2 numbers so i register ‘22jack’ but then it says one must be capitalized… arrrrgh! I’m gone. Why impose any restrictions on member’s usernames at all? I mean really, what’s the worst that can happen with a username?

Password Peeves

Another thing that bugs me during registration is when the website to which I’m applying enforces stupidly complicated password constructions because I know that I’ll never remember the alphanumeric nonsense when I return. That means I’ll be stuck using their ‘forget password’ mechanism every time I try and login, and that’s just a huge waste of time. So I’ll probably just cut my losses early and quit the website forever, before I join.

Webmasters Should Limit The Number of Login Attempts Users Can Make Per Minute, Per Hour, Per Day

Limiting the number of login attempts per user is security 101. If you don’t do this, you’re practically setting out a welcome mat for anyone to launch a dictionary attack on your site, an attack that gets statistically more effective every day the more users you attract. In some systems, your account can get locked out if you try and fail to log in a certain number of times in a row. This can lead to ‘denial of service’ attack and is generally discouraged. It’s therefore recommended that webmasters structure their accounts so that each failed login attempt takes longer and longer.

Smojoe Dynamic Passwords

The Smojoe Dynamic Password Technique helps social marketers deal with usernames and passwords on multiple profiles. Its simple.  When registering an account, simply use the first two letters of the website name, and a standard word, as the password. Perhaps your user name? So for example if you were registering an account on Dumpdiggers.com, and your username is Beeboy, your password here would be ‘Dubeeboy’

Tags: dynamic password, hackers, login, registration pet peeves, security 101

This entry was posted on Wednesday, June 17th, 2009 at 8:15 pm and is filed under Actually sharing secrets, security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.