Zach’s ugly mug (his face) Zach Leatherman

Registration Forms Suck, Let’s Mitigate Suckiness

January 10, 2009

Signup Form

A lot of people complain about registration forms. Some people have suggested getting rid of them altogether, allowing users to utilize login credentials from accounts they already have through OpenID. But even with a highly technical audience, OpenID adoption is problematic.

So, some sites have gone two ways, allowing OpenID, but also a proprietary registration system. This too, is problematic. It would seem that given a choice, the John Doe the Plumber style user will choose a proprietary account over the confusing user experience presented to them through OpenID.

But the annoyance doesn’t just lie with account registration for web applications. Typing your personal information on every blog you comment at is also repetitive and unnecessary. Some sites even require account registration for something so minor and transient as a blog comment.

Unfortunately, for the time being, it looks like registration forms are here to stay. So, what can we do to make those registration forms more usable, more efficient, and ultimately downright friendly? I know that you’re ahead of me on this one: Let’s auto-complete information for the user.

Please keep in mind that this power can be used for both good and evil. Essentially what we’re discussing here is data mining available information from various social networking sites on the internet, trying to glean personal information about an end user that has volunteered a piece of their data already. What can we get from what we already have?

Once a user has typed in their e-mail address, we can:

If you know any of their social networking usernames, you can:

Those are only some of the proof of concept API’s that I’ve listed here. The interesting piece of this, is that once you have a small piece of information, it opens up the door to other searches.

One can only imagine how many leaves are in this tree. For example:

  • Facebook’s Users.getInfo (in JavaScript)

  • Yahoo’s Social Tools, get an end user’s GUID and go to town on their profile.

    • Google Contacts, I didn’t even start to look through their API’s.
      Before you start jumping the privacy fence to a self induced heart attack, remember that all this information has been volunteered by each individual participating in each of these services. Remember, with great power comes great responsibility.

    What do you think? Scary or useful?

< Newer
ALARMd Unix Time Format for 1234567890 Day
Older >
Scare Your Visitors with this JavaScript Gravatar Plugin

Zach Leatherman IndieWeb Avatar for a builder for the web at IndieWeb Avatar for He is the creator and maintainer of IndieWeb Avatar for https://www.11ty.devEleventy (11ty), an award-winning open source site generator. At one point he became entirely too fixated on web fonts. He has given 79 talks in nine different countries at events like Beyond Tellerrand, Smashing Conference, Jamstack Conf, CSSConf, and The White House. Formerly part of Netlify, Filament Group, NEJS CONF, and NebraskaJS. Learn more about Zach »

  1. Harmen Janssen Disqus

    11 Jan 2009
    This is actually something we have talked about a lot at my work. We are going to try and make it easier for users to create an account by providing a account name, or a Hyves account name (Dutch community website), and hopefully in the future Facebook account names and whatnot.I believe the barrier can be greatly reduced by offering users the possibility of logging in with existing username/password combinations, so it's our goal to support as many relevant socal media sites as possible.
  2. Zach Leatherman Disqus

    11 Jan 2009
    Ah, I didn't check seems like there might be some interest in creating a plugin that will attempt to search out all of these data sources for more information about a user.But one thing you should watch out for is the Password Anti-Pattern.
  3. Chris Heilmann Disqus

    12 Jan 2009
    It is pretty amazing what you can gather from different sources. Would be interesting to write a wrapper API that tries all these (and other) sources and gets the data as one bunch.Zach, the next time I hear the term "Password Anti Pattern" I will scream. Joe end user has no clue about security as we come up with clever terms like these that don't mean anything to people outside the echo chamber. And in this case it is not at all what we are talking about. The problem with logins and passwords is that people don't get the idea that giving both to another party is a bad idea. That is not a Anti Pattern, that is just stupid, and it is time we tell the world in layman's terms. ;)
  4. Zach Leatherman Disqus

    14 Jan 2009
    Well, it certainly isn't Joe end user that's developing applications that implement the (wait for it) "Password Anti Pattern."I definitely understand your negativity towards the approach though, and am definitely very protective of my e-mail account credentials. Twitter, on the other hand, not so much.
Shamelessly plug your related post

These are webmentions via the IndieWeb and

Sharing on social media?

This is what will show up when you share this post on Social Media:

How did you do this? I automated my Open Graph images. (Peer behind the curtain at the test page)