Twitter account creation is deeply flawed (and so is eBay’s)

Take a look at the Twitter account creation page:

Two big problems:

  1. The password field doesn’t show you the password you enter, and also doesn’t require you to confirm.
  2. The e-mail address field doesn’t verify you actually own the e-mail address you enter.

This evening, I went to create an account for my son Sammy. He and I have been talking about computers, the web, social networking (and sure he’s only three, but some of his insights are just as worthy of sharing as the junk older people tweet). He agreed he wanted to share updates on Twitter, so we worked together to create an account.

Unfortunately, the password I thought I entered wasn’t what I actually entered. And even more unfortunately, the e-mail address I entered for him was not his actual e-mail address. (In my defense, he doesn’t use it yet, and I created it three years ago.)

Even though we were still logged in, I couldn’t change the password (since it required I enter the old one to change it), I couldn’t reset the password (since I didn’t have access to the e-mail address where the new password was set), and I couldn’t change the e-mail address (since that requires entering the password). That meant I was stuck, and the only recourse was to delete the account and start over.

The harm of starting over is:

  1. We lost the updates he and I had typed.
  2. We spammed all the people he had followed, wasting their time.
  3. We spammed the actual owner of the e-mail address I entered. (I sent an apology.)
  4. We lost the username since the account is retained for six months, so we had to pick an inferior username.

I sent a help request to Twitter to purge the old account so I can reclaim the username from his new account; their help pages say that’s an option. They also say requests take 5-7 business days. We’ll see.

We also saw a few dozen fail whale pages (especially when trying to set the profile picture to the image he picked), so trying this on a Friday night probably wasn’t a good idea. Sammy did love the whale picture at least.

It’s not uncommon for people to fat-finger both an unconfirmed password and an unconfirmed e-mail address. Given the design flaws in account creation, I would estimate that tens of thousands of Twitter accounts are created each month only to be abandoned later when the user realizes they don’t remember their password and don’t have access to the e-mail address. A responsible account creation design has you confirm an e-mail address.

I recently experienced the other side of this with eBay. Someone named “Edna Stephens” created an eBay account. The e-mail address Edna entered was not hers, but mine. I started getting eBay spam. (I don’t use eBay.) I couldn’t unsubscribe, because the e-mail they sent me had an unsubscribe link that led to a page that required me to log in to change e-mail preferences. I couldn’t send customer support an e-mail because they require you to log in to send a customer support request. I couldn’t log in as Edna and change her e-mail address to something other than mine (or delete her account) because I didn’t know her password. I couldn’t reset her password because the password reset process required knowing biographical stuff like her favorite musician. I was stuck getting spam. Finally I created a new eBay account for myself for the sole purpose of sending a complaint e-mail to eBay. It led to an absurd chat session with several different eBay customer support reps who required me to verify my street address and cell phone number and jump through several other hoops before saying “they’d investigate.” But I haven’t received any eBay spam so they apparently did reset her e-mail address.

The simple fix for both issues is that there needs to be a step where you verify your e-mail address really is yours. The typical process is that after you enter your e-mail address, the site sends you an e-mail with a unique code, and then you enter that code back on the account creation page to continue.
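The code round trip described above, as an added sketch (not code from Twitter, eBay, or this post). The `PendingSignups` class, the 15-minute expiry, the five-guess limit, and the six-digit code length are all assumptions chosen for illustration; the sample address is constructed.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 15 * 60   # assumption: codes expire after 15 minutes
MAX_ATTEMPTS = 5             # assumption: cap on guesses per pending address


class PendingSignups:
    """In-memory stand-in for a signup table (hypothetical; use a real datastore)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # normalized e-mail -> [code_hash, expires_at, attempts]

    @staticmethod
    def _hash(code):
        return hashlib.sha256(code.encode()).digest()

    def start(self, email):
        """Record a pending signup and return the code to e-mail to that address."""
        code = f"{secrets.randbelow(10**6):06d}"  # short enough to retype by hand
        key = email.strip().lower()
        self._pending[key] = [self._hash(code), self._clock() + CODE_TTL_SECONDS, 0]
        return code

    def confirm(self, email, code):
        """Return True only if the code matches, is unexpired, and is unused."""
        key = email.strip().lower()
        entry = self._pending.get(key)
        if entry is None:
            return False
        code_hash, expires_at, attempts = entry
        if self._clock() > expires_at or attempts >= MAX_ATTEMPTS:
            del self._pending[key]  # force a fresh code instead of more guesses
            return False
        entry[2] += 1
        if not hmac.compare_digest(code_hash, self._hash(code.strip())):
            return False
        del self._pending[key]  # single use: the account may now be created
        return True


if __name__ == "__main__":
    signups = PendingSignups()
    sent = signups.start("Parent@Example.com")  # constructed address; code goes out by e-mail
    print(signups.confirm("parent@example.com", sent))  # owner types the code back
```

The account record is created only after `confirm()` returns True, so a mistyped address leaves behind nothing but an expiring pending entry.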

eBay and Twitter don’t do that. They should.

I know why companies don’t always follow that step: Prospects will often not bother waiting for an e-mail and jumping through that hoop, and it also creates problems since a surprising number of people do not know how to copy and paste your code. Those prospects balk at that step and simply don’t join the site — and the prospect is lost.

(From a web development and QA perspective, it’s also more work to code in that verification step.)

It seems most companies would rather get the prospect and deal with incorrect e-mail addresses later. But I think the customer support burden and spam behavior really require e-mail address verification during account creation.

The company I work for doesn’t require e-mail verification either — but then again, we create a tiny fraction of the accounts each day that are created for Twitter and eBay.

Moral: Twitter and eBay should both reconsider their policies of account creation.

By the way, if you are so inclined, you can follow Sammy on Twitter as e_sammy. I’ll be changing that back to esammy if I can.
