Registration Forms Suck, Let’s Mitigate Suckiness

January 10, 2009

A lot of people complain about registration forms. Some people have suggested getting rid of them altogether, allowing users to utilize login credentials from accounts they already have through OpenID. But even with a highly technical audience, OpenID adoption is problematic.

So, some sites have gone two ways, allowing OpenID, but also a proprietary registration system. This too, is problematic. It would seem that given a choice, the John Doe the Plumber style user will choose a proprietary account over the confusing user experience presented to them through OpenID.

But the annoyance doesn’t just lie with account registration for web applications. Typing your personal information on every blog you comment at is also repetitive and unnecessary. Some sites even require account registration for something so minor and transient as a blog comment.

Unfortunately, for the time being, it looks like registration forms are here to stay. So, what can we do to make those registration forms more usable, more efficient, and ultimately downright friendly? I know that you’re ahead of me on this one: Let’s auto-complete information for the user.

Please keep in mind that this power can be used for both good and evil. Essentially what we’re discussing here is data mining available information from various social networking sites on the internet, trying to glean personal information about an end user that has volunteered a piece of their data already. What can we get from what we already have?

Once a user has typed in their e-mail address, we can:

Retrieve Twitter profile information (example shown on Chris Heilmann’s blog):
- Full Name
- Short Personal Description
- Location
- Web site URL
- Time Zone
- Favorite Colors (used on their profile)
Retrieve an avatar if they’ve registered for the Gravatar web service (See my earlier post discussing this).
Get their upcoming calendar events from a public Google Calendar. (Perhaps not as useful for autocompleting forms, but interesting)
Find their UID on Flickr, which gives you a source for:
- Full Name
- Location
- Flickr Avatar

If you know any of their social networking usernames, you can:

find their MyBlogLog profile, if they’ve linked the service to their account (Sample query, I added my twitter). Now we have:
- MyBlogLog Screen Name and ID, from which you get their MyBlogLog profile:
  - Nickname
  - Picture
  - Age
  - Sex
  - Location
  - A list of tags they use to describe themselves.
- MyBlogLog Avatar

Those are only some of the proof of concept API’s that I’ve listed here. The interesting piece of this, is that once you have a small piece of information, it opens up the door to other searches.

One can only imagine how many leaves are in this tree. For example:

Facebook’s Users.getInfo (in JavaScript)
Yahoo’s Social Tools, get an end user’s GUID and go to town on their profile.
- Google Contacts, I didn’t even start to look through their API’s. Before you start jumping the privacy fence to a self induced heart attack, remember that all this information has been volunteered by each individual participating in each of these services. Remember, with great power comes great responsibility.
What do you think? Scary or useful?

Zach Leatherman is a builder for the web at Font Awesome and the creator/maintainer of Eleventy (11ty), an award-winning open source site generator. At one point he became entirely too fixated on web fonts. He has given 84 talks in nine different countries at events like Beyond Tellerrand, Smashing Conference, Jamstack Conf, CSSConf, and The White House. Formerly part of CloudCannon, Netlify, Filament Group, NEJS CONF, and NebraskaJS. Learn more about Zach »

Harmen Janssen Disqus

11 Jan 2009

This is actually something we have talked about a lot at my work. We are going to try and make it easier for users to create an account by providing a Last.fm account name, or a Hyves account name (Dutch community website), and hopefully in the future Facebook account names and whatnot.I believe the barrier can be greatly reduced by offering users the possibility of logging in with existing username/password combinations, so it's our goal to support as many relevant socal media sites as possible.

Zach Leatherman Disqus

Ah, I didn't check Last.fm.It seems like there might be some interest in creating a plugin that will attempt to search out all of these data sources for more information about a user.But one thing you should watch out for is the Password Anti-Pattern.

Chris Heilmann Disqus

12 Jan 2009

It is pretty amazing what you can gather from different sources. Would be interesting to write a wrapper API that tries all these (and other) sources and gets the data as one bunch.Zach, the next time I hear the term "Password Anti Pattern" I will scream. Joe end user has no clue about security as we come up with clever terms like these that don't mean anything to people outside the echo chamber. And in this case it is not at all what we are talking about. The problem with logins and passwords is that people don't get the idea that giving both to another party is a bad idea. That is not a Anti Pattern, that is just stupid, and it is time we tell the world in layman's terms. ;)

14 Jan 2009

Well, it certainly isn't Joe end user that's developing applications that implement the (wait for it) "Password Anti Pattern."I definitely understand your negativity towards the approach though, and am definitely very protective of my e-mail account credentials. Twitter, on the other hand, not so much.