should you ask for password creation in OBW?

So you have a choice here.  When you customers first book online they need to create an account.
they will be providing confidential and potentially sensitive data (address, phone no)
Do you ask them to create a password or not?

For example in our demo system we don't ask for a password when users create an account:


Pros
  • it keeps it quick & simple to register and book
  • most people may not come back around a second time
  • people won't remember a password anyway (and don't like being asked to remember yet another)
Cons:
  • if they DO come back, and use the ALREADY REGISTERED section they won't know the password
  • BUT they just use 'Forgot your password?' link to set one up.

Why do we even need a password at all?  Can't they just sign-in with their email address?


Because they are providing confidential information that we can't just disclose to the next person!  (by hacking or by mistake)


imagine you register to rent a bike one day:


johndo@gmail.com

John


Doe

01 32 XX XX XX 


Then another day along comes John Dolton from a different country


he enters 'nearly' his gmail address (johndol@gmail.com), by does a typo and hits yours.


johndo@gmail.com



to his surprise and yours it makes a booking against YOUR account - potentially revealing your confidential information to a complete stranger (and getting the booking wrong from your point of view)

we could not allow this - Data Protection Acts for one thing.


So you need to secure customer data with passwords.

The only question is do you bother people with that creation up front - or only when they need it (ie return customers)

If you do decide that you do want to ask for a password on account creation then you set it up here:
(check the password boxes for Wizard and Wizard Mandatory)
we ask twice in case they make a typo the first time round...(the 2 boxes have to agree)