When you’re dealing with thousands of users registering for an event, there will be a small minority that make mistakes. Perhaps they’ll mistype their email address, or put data in the wrong field, or they’ll use an insecure or compromised password. This can result in you being unable to get in touch with them, or their badge having to be corrected on the day of the event. In the worst case, it could lead to their account being hacked and personal data breached because of an insecure password rather than an insecure system.
When choosing a registration system a lot of emphasis is put upon it being user friendly and easy for the organiser, yet well designed systems should also be able to mitigate users’ bad habits. Here’s how to avoid some of the most common mistakes.
Entering the wrong email address
Most sites do simple syntax checks to see that the email address is a valid format. But that won’t catch a typo that is valid syntax, or a mailbox that’s full, or when they entered their ‘old’ email address by mistake. A good system will send the user a welcome email as soon as possible and use technology that tracks bounces. IdeallyUsually, if the email address is invalid, the system cana pop up a warning to the user that their email address isn’t working while they’re still on the site can be achieved.
Choosing an insecure password
Some users struggle when choosing passwords, or they think it doesn’t matter. The ‘old’ way of forcing good passwords was to use rules suggesting: ‘at least one letter, one number and one symbol’, which leads to passwords like ‘password1!’. Current best practice is to enforce ‘strong’ passwords, but rather than expecting users to understand what strong is, use a strength meter that takes multiple factors into account. See the UK NCSC guidance for system developers on password security.
Choosing a breached password
Data breaches happen. Databases full of hacked credentials are traded on the dark web and because of this, you should never use the same password twice, but people do. Current best practice is to check users’ passwords and prevent them from using passwords that are in known breaches. The free service https://haveibeenpwned.com/Passwords from security expert Troy Hunt is a great way to check this.
Forgetting a password
Most sites have a password reset mechanism and the easiest way to do that is to send a reset link to the registered email address. However, users don’t realise how important it is they use an email address that only they can access. Some use a shared email address like info@example.com, or a role-based address such as marketing@example-choir.com. Either of these can lead to other people, now or in the future, resetting the password and gaining access to the personal data in their account.
Putting the wrong info on a name badge
You’re often collecting a lot of information from the user and some will appear on their badge. Perhaps there was a ‘nickname’ field on the registration form, intended to allow ‘Nicholas’ to be called ‘Nick, for example. However, instead he put ‘Naughty Nick’, not realising it’s going to be on his badge. Show a mock-up of the badge on screen and encourage delegates to review it and edit ahead of the event.
Make it easy for yourself
Systems that allow users to enter, check and edit information means your attendees do the heavy lifting and leave you free to work on your events. The attendee has the responsibility to keep their information current. Systems that ask users to check data when signing in after, say, a three month period cuts down on inaccurate data and ensures the users are in control of their data.