Yeah, username + password + email would work. It's not as safe as username + pas... | Hacker News

HN2new | past | comments | ask | show | jobs | submit

		zck on Nov 15, 2009 \| parent \| context \| favorite \| on: Log in or sign up? Yeah, username + password + email would work. It's not as safe as username + password1 + password2, since you can mistype both, but it allows an escape plan. The way HN does it, with just username + password is dangerous, I think, because most people won't, immediately upon registration, go to their profile and put in an email; they'll just start using the site. And if someone mistypes their password once, and can't re-login to the site, they'll be very turned off.

drusenko on Nov 15, 2009 [–]

As long as the increase in sign-up rate is larger than the percentage of users who mistype their password, then it's a net win for the website.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact