Require password input twice when registering
Problem
When registering in the Android app, the password is only asked once. As soon as you have filled all fields and pressed "register", you are logged in to your EteSync account. You can then use the app as a contact backup solution without being asked for the password again. Let's assume you have mistyped the password and you did not notice it.
When you lose or break your phone afterwards and try to log in to the EteSync account from a new phone, you need to input the same password as on registration – without success. Your only chance is to brute force the password manually or develop a software solution allowing for a better brute force attack.
Solution
Asking the password twice when registering should reduce the chance of mistyping.
Hey,
Thanks for the feedback! I agree with the premise, and we tried to alleviate this by making it possible to show the password to verify you typed correctly. Or do you think it's not sufficient?
Another good point you are raising: should we automatically log in on signup, or maybe have you log in (to make sure you know your password)? Though this extra step is kind of annoying for new users, I'd say. I know I dislike it as a user.
Just leaving these questions open, as I don't know the answer.
I can think of several reasons why the current approach might fail:
- Maybe a fraction of users just wants to try out the app to see how it works, and they just want to register as quickly as possible and input some garbage they will never remember.
- Another probably very small fraction does not know that the eye button shows the password.
- Another very small fraction looks at the password but fails to see the typo.
Retyping the password excludes all of the above reasons, but adds the risk that one inputs exactly the same typo twice. Keeping the "show password" button could reduce this risk a bit.
Personally, I find reading the password not much less cumbersome than retyping the password.