jtara - 6:51 pm on Sep 5, 2007 (gmt 0)

There seems to be some confusion here, and I'll be the first to admit that I'm one of the ones confused.

Let me see if I can restate the problem as I understand it:

1. We're talking about the user initially setting up their account here, NOT users logging-in to existing accounts.

2. The question is: go with the "standard" of requiring the user to enter the same password in two fields, to help prevent typos and misspellings, or instead to require the password be entered only once, but then immediately verify by going through a "login check".

The way the question is stated is a bit confusing, because it doesn't explicitly state that we're talking about the user initially setting-up their account, and it also implies that using the alternative, the user only has to enter the password once.

As I understand it, the proposed alternative still requires the user to enter the password twice but not on the same page, and - the second time - the system will do a log-in check and/or actually log the user in. So, they get immediate feedback that the credentials are now stored in the system, and were correctly entered.

A key feature, it would seem to me, is that if the login-check or actual login fails, the user is able to correct their password without having to start the whole process over again. (Possibly abandoning a user ID and having to choose a new one.)

Am I getting this right?