[OpenID] Combining Google & Yahoo user experience research
John Panzer
jpanzer at acm.org
Tue Oct 14 18:23:21 UTC 2008
Dick Hardt wrote:
> ...
>> For instance, many websites require a verified email address to
>> register.
>>
>
> It would be useful to understand why the website wants a verified
> email address, as it may not be required when an identity protocol is
> available.
> A number of reasons come to mind:
>
> 1) password reset mechanism
>
> 2) further assurance there is a person on the other end instead of a bot
>
> 3) push info to the user via SMTP
>
> There are other ways to do (2) and (1) is really an identity protocol.
> (3) is shifting with the rise of SMS and other messaging as email
> declines from the use of spam.
>
>
#2 is not very useful at this point unless combined with email provider
blacklists
#3 is useful but there are many, many application that don't need an
email address unless the user actually gives consent. If this happens
as part of login/signup and is absolutely required, then yes, it's
useful at that point. I think this is a minority use case (or should be).
I can also think of #4: I have existing legacy systems that are based
on having the verified email address (especially as a foreign key), and
want to migrate incrementally, if at all.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081014/f4c4f0a5/attachment-0002.htm>
More information about the general
mailing list