6 Tips For Making Website Registration User-Friendly


Registering on a website presents a different challenge at every single domain. Even within Microsoft’s sites, I’ll bet we have 12 different ways to register for a site. Here’s a list of my recommendations for website developers on what you should have in mind for your users during registration.

[I understand that each site has a different security need. These are general recommendations that should apply to everyone. Add spice as needed.]

1) Make your username and password requirements reasonable.

Most people like to use the same username everywhere. Why would you ever set a length limit on usernames and passwords? I encountered a site the other day that only allowed me to have a password that was 6 characters long. No more, no less. Oh, and special characters were NOT allowed.

I would encourage everyone to require a letter, a number, and a special character. If I want my password to be 40 characters, why shouldn’t I be allowed to? (And for those of you that want to start down the SQL injection path, YOUR CODE should be handling for SQL injection. Not the length of your textbox.)

2) CAPTCHAs are a good idea.

There are many malicious people out there writing malicious programs. Make sure that your user is human. Plain and simple.

3) Do you need a security question?

Picking questions for your users to answer can be tricky. As a user, I don’t want to give you any personally identifiable information. That includes where I was born, my mother’s maiden name, my elementary school, or anything else. Let me write both the question AND the answer. It just makes more sense. Then I can use:

Are security questions secure?
Probably not.

In addition, do not require your user to remember which question they chose to answer. How arrogant of you to think that they’ve retained that kind of information for recall. If they can’t remember their username and password, what makes you think that they are going to remember which security questions they answered, let alone what the answer to that is? Make it easy for them.

4) Provide the user with feedback, not a postback.

How many times have you filled out the entire registration form, only to find out that the username you wanted is already taken. And now you have to fill half of the form out again. Annoying. How about AS I type in my username, you cornfirm for me that the username is available. Seems like a little bit of code and some AJAX transport should do the trick. Speaking of feedback, the only thing more annoying than my previous example is when you don’t tell me your password requirements until after I submit the form. If I knew them BEFORE I started typing, I wouldn’t be presented with another step when I get it wrong. Just like an auto-confirm on username, give your user feedback about whether their password conforms to your security requirements. Even if your requirements are ridiculous (see #1).

5) Don’t collect everything up front.

When someone is registering for your site, what do you actually NEED from them? Username, password, email. That should really be it. If you’re doing finances or something super-important like that, perhaps SSN or account number would be appropriate. You don’t need the 100 other things you want to ask. Like address. Or favorite movies. Or anything else. Make registration for registration…not populating your entire database. Once you’ve gotten them registered, however, the sky’s the limit. Give them the ability to fill out a full profile, with picture, personal likes and dislikes, contact information, etc. You can even remind them to fill it out. Just don’t require or even try to collect it during registration unless you absolutely NEED it.

6) Track the traffic through your registration funnel.

If you’ve got a forgot password page that gets a ton of traffic (like greater than 20% of your entries), figure out why, and fix it. (Giving users better instructions around your technical problems IS NOT FIXING IT. Users don’t read.) If the “edge case” pages of your registration system are getting a bunch of traffic, you’ve done something wrong. Not everyone is going to make the perfect path through your registration and login pages. But not everyone should have trouble making the perfect path either. Follow the 80/20 rule. If more than 20% of your users can’t conform to your password requirements, maybe they don’t understand that regular expression you gave them in the instructions. 🙂

This was a quick list of tips for making registration easier for your users, not for the developer creating the pages. Applications should ALWAYS keep the user in mind, and if that makes it more difficult for the developer, so be it. You have to build it once, so that thousands (or hopefully millions) of users can register on your site efficiently and effectively.

kick it on DotNetKicks.com

10 thoughts on “6 Tips For Making Website Registration User-Friendly

  1. You state that there shouldn’t be restrictions on user name, then suggest “I would encourage everyone to require a letter, a number, and a special character.” Why are you enforcing your idea of a secure password on me? If I decide that I don’t really care about my account and I think “mypassword” is secure enough, then I should have that right. If you force me to use “$0m3th1ngIwi11n3v3rremem8er” then I will be annoyed.I completely agree with the security question issue. If you ask me the same questions as my bank, then I’m potentially giving you (or anyone that hacks your site) access to my bank account.

  2. Good stuff! I hadn’t even considered the username feedback, but I have been annoyed by that myself. Thanks for the tips.

  3. Good list. I would like to add a related one. Don’t require that the user must register to read what your site/product is.I have had to sign up for beta sites only to find out the functions it provides after the fact. Once I read them I can tell if I want to use the service. If not then I’m wasting space in your db cause I won’t be coming back. That leads to another – provide a way to delete accounts.

  4. Good tips, especially the security one. Easily guessed if you know somebody well enough.But my main bugbear is registering for an ecommerce site. Why? I’m here to buy something, not give you my life story!

  5. Good post, although I’m not sure I agree with all the points you make. I agree with making the registration process as simple as possible, which usually is not achieved by having Captcha or other verification. Based on feedback from other website owners, rarely do websites suffer from Spam until the site is reasonably successful. Thus, Captcha is good, but perhaps as something you add later. Also, I’ve heard that it is usually better to ask people all questions upfront in the registration process. It’s the only time a user will bear to do such a thing, and if you bug a user with questions later, the user tends to get annoyed. In 7 user tests that I conducted, this was always the case. Hope my comments are helpful and appreciate if you have additional thoughts.- HelloMovies.com representative

  6. Hey. Maybe CAPTCHAs are good, but not for the user. It’s just a commodity for the administrator to filter out spams, but we shouldn’t enforce it on our visitors if we have other solutions: http://blog.primalskill.com/?p=268

  7. 1) Support registration via OpenID.2) Support contact information import via OpenID/SREG and OpenID/AX3) Support contact information import via hCard4) If you’re a social network, import their friend info using XFN.

  8. Nice article Jeff. Sometimes is difficult for a developer when developing his own applications to be on the visitors side, these tips are always a great help.

  9. In making a website first you should think unique domain for your site and good description and keyword that can help you promote your website page in search engine.

  10. Pingback: Is social login the answer to annoying and disruptive user registrations? | Royal Pingdom

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s