So you did a great job with your website and now your customers want to get into contact with you. They actually want give you their holy grail and apply for a login. And that's where it usually starts to go south. So many things can go wrong with a registration form that your customer doesn't really feel welcome or safe. In this session we will debug a few real-life examples from a user-experience Point of View. By analysing that we will find ways to make the first contact of a user with our application a better experience. And you don't need to be a coder to see why and how to improve your next registration form.


Comments are closed.

Ivana Matic at 15:46 on 26 May 2019

Clear points, great talk! Thank you!

“Time is an illusion” was great! I remember that as it was yesterday.
I thought that today it will be the same great level.

Ian Littman at 15:57 on 26 May 2019

Well presented.

Was a bit distracting that the presentation wasn't full screen, but that's the biggest nitpick that I have.

BTW, NIST is a US thing, so I imagine that they're advising the NSA rather than GCHQ. Also, apparently the reason for the 16 character password limits seen in a few places is NTLM hashes top out at 16 characters, after which stuff truncates. Bcrypt's limit is 72, at which point it really doesn't matter :)

I liked the way it was presented and also the content itself was good and a valid point was made. I'm also annoyed as a user if there are useless limits or just stupid / not properly thought of UI. Would have been nice if more people attended the talk as I guess many need it...

But I also see that some things were just of a theoretical nature and can't be applied in practise: Nobody likes captchas, but if a large service replaces them with something self-built (well... don't reinvent the wheel...?) or a really simple solution like a trap or a match captcha, bot authors will just write an own script / adoption for it. So that just doesn't work in many cases.

It's the same with the names: While I agree with the names, it's just required for many business domains. You can't sell an airline ticket or register a domain without gathering that information. No matter if your business likes it or not, there are often requirements (legal, from another organisation, etc.) that require separating first and last name. Maybe an even better example would have been Street Name and House Number: Some countries have names for the buildings instead of house numbers and then often house numbers are limited to for example 4 characters. Also many countries specify an apartment name or floor number - often the character limit is just too low for that. Even more annoying with ZIP codes: So many wrong validation examples I ran into - they don't take into consideration that there are also countries with letters inside the ZIP code and not just numbers.

But it was a great talk and the points made are definitely very valid - don't gather information your business doesn't need and don't limit users unnecessarily, be it by silly length limits or not being able to paste into a field, etc. Thanks for the talk!

Good lecture. Not just listing what to do and what not, but clearly explaining why