2 comments

[ 3.0 ms ] story [ 19.1 ms ] thread
What if? Then you have zero security.
A confirmation email would be sent to the user, when they click on the link contained within they'd be directed to a page that would ask them to define a password.

It's about simplifying the on-boarding. The password doesn't need to be defined during the first session. Plus the email encourages re-engagement later that day.