member registration
I need a smote of advice. I wanted to go for ease of use when writing my registration system, but I think I've gone too far.
All the user must do is choose a username and hit enter. A password is generated via random number and md5. The member can then later choose to change their password.
I've decided on skipping the traditional email-confirmation scheme, since I'd rather not collect email addresses and contribute to spam.
I think that this causes more problems than it solves, however. Since after about 40 minutes, the website logs you off and if you didn't save or change your password, you're locked out. There's no email address to confirm identity. I would expect most to then create a new username and pollute the database with orphaned accounts.
My thought is that I should register with a desired username and password. Most people -- I think -- just use the same username-password pair over and over again. In this way, you can guess what your login was months later.
Suggestions? Opinions?
All the user must do is choose a username and hit enter. A password is generated via random number and md5. The member can then later choose to change their password.
I've decided on skipping the traditional email-confirmation scheme, since I'd rather not collect email addresses and contribute to spam.
I think that this causes more problems than it solves, however. Since after about 40 minutes, the website logs you off and if you didn't save or change your password, you're locked out. There's no email address to confirm identity. I would expect most to then create a new username and pollute the database with orphaned accounts.
My thought is that I should register with a desired username and password. Most people -- I think -- just use the same username-password pair over and over again. In this way, you can guess what your login was months later.
Suggestions? Opinions?