Web Executive at Severn Trent Water
24 June 2008 11:22am
The functional spec for a current project states that users:
- can complete actions A, B and C via standard web form regardless if unregistered
- can complete actions A, B and C as well as X, Y and Z via standard web forms if they are registered, via a user account area.
The decision we're faced with is whether or not we ditch that first element, and insist that all users are registered to complete actions (which are based around account management).
Success of the project will be measured by the number of registered users we have at the end of a defined period.
Now, some of the "best practice" guidelines out there state that unnecessary registration is a bad thing, so to conform to them we need to make those actions available where they'd have the info in front of them. On the other hand, how will they know about the other advantages (aside from text/banners) if we don't make them register?
I wondered what people's thoughts and views on this might be, and what approaches you may have adopted at some point in the past.
Technical Project Manager (MBA, MBCS, CITP, CEng) at Naxtech.com
24 June 2008 13:46pm
I think I have the perfect solution for you, depending on the innerworkings of your system. If you want give me a call on 07712255379 and I'll explain what I have in mind.
25 June 2008 08:04am
I'm not looking for a technical solution I'm afraid (we already have appointed contractors to impliment whetever we go with) - was more interested in what other people may have implimented or views on best practice.
Director at Watson Hall Ltd
25 June 2008 10:38am
I'm sure you will receive some helpful responses from other users here, but from a security point-of-view, you may want to keep the separation. You shouldn't really be asking for un-necessary information unless you can justify why and how it will be used (Data Protection Act). It might be that registration is very straightforward, but these things tend to attract the "we also need to know" questions.
If X, Y and Z have real benefits to the user, they will register. If you need additional user information for those, it makes sense to protect that in some way. For example if registering lets the user recall previous transactions or data submitted.
It's best not to force strict user authentication on the simplest things... but keep that for more sensitive data.
Perhaps allow users to:
All forms that contain personal or sensitive data should be hosted on, and submitted to, a secure server (https). Then ensure you keep the data safe wherever it is stored, displayed or copied to. Check your DPA registration and site's privacy statement. If you work in a regulated area, consider those requirements as well.
Colin WatsonTechnical DirectorWatson Hall Ltd for website security
25 June 2008 11:12am
I was not referring to a technical solution. But the available options on websites are often limited by the existing functionality and structure. That's what I meant.
Managing Director at n3w media
10 August 2008 11:25am
It's an interesting question! Without understanding the actual functionallity of the various functions it is a little tricky, but I would be thinking along the following lines:
1) Is there a meaningful subset of my target user community that would only need to ever use functions A B C? If there is then I would definately make them available only after registration. (Thinking about your success criteria here).
2) Are the functions A B C trivial in the sense that they could be used as a teaser to encourage people to want functions X Y Z? If so then I would design them to be marketing pages with a very strong call to action for people to sign up.
My feeling (based on very limited info) is that I would put all the options into a signed-up members only section and then make sure that the sign up process was not too lengthy (to minimse abandoned sign-ups). I would then make sure that I promoted the account management functions heavily to make sure that I drove people to sign up.
Bottom line - if success is defined as number of people signing up then I can see no advantage in giving users a viable option to make use of the site without signing up.
Not sure if that helps, but it is another perspective!
Free market research on digital marketing
Daily Pulse: award winning newsletter
It takes 30 seconds to register