There are more questions below the post, but here’s the kicker:
In working to redesign our eCom system at work, I keep running into passwords. Passwords suck. No one can remember which password they used on a site. Should you use the same password on every site, hoping that none of the sites are compromised? Browser password memory is getting better, but it’s still twitchy and is still tied to your browser. And, really, why do you need a password to order $25 worth of old Men At Work albums?
All of these questions lead to fear — fear of that password text box. You see that box and your heart just sinks. Type in a few wrong passwords and fear leads to anger. Anger leads to hate. Hate leads to suffering eCom sales and speaking in apostrophe.
So what if we got rid of the password altogether?
When you check out, you must provide your email address for the order confirmation, but at no point are you asked to register or provide a password. When you come back to the site, instead of a password, the login looks like this:
On the up-side, there’s no registration. None. The wall doesn’t exist.
I am in no way suggesting that this approach would be appropriate for every website. My company runs a relatively small eCom site with a very loyal userbase, so I think it could work for us. We’d allow the user to specify a password if they really wanted to (which is another reason why the login is two-step, even if it is AJAXified), but for people that aren’t worried about it this would be a much friendlier option. You buy your stuff, and if/when you come back to buy more, we try to make it easier.
Let me put a few qualifiers on the type of site we’re looking at here:
The site does not store payment information.
The site does not allow you to modify an order after it is placed.
The products available on the website cannot be used to generate a psychological profile from your order history. (No pr0n, magazines, political stickers, etc.)
I point these out because there’s a given here: by removing the password and replacing it with something else, we’re essentially removing some security. (Some, but not all.) That is, there’s a better possibility of someone knowing your street address than knowing your password. However, we’ve mostly reduced the attacker profile from J Random Hacker to one of your coworkers, family members, etc. But the assertions above make that a moot point—even if someone got into your account, they couldn’t do anything other than change your shipping address. Even then, it would be shown to you before the next time you checked out, and it wouldn’t be changed for existing orders. Annoying, but not life-altering.
Another person suggested using the last four digits of your credit card, but I’m not too keen on that. Using any part of your credit card number attaches a certain weight to the action. Also, it would mean that we’d have to store the information somewhere, which we very explicitly do not do.
In the end, we’re (theoretically) sacrificing a little security to alleviate the stress of yet another password text box. What do you think, is it worth it? Would you use it?