Sign Up Process with NO personal information?

jhesidenz · 13 July 2017 13:52

My company is starting a new project which has design requirements allowing our users to sign-up to save their progress with only a username and password. No Personal Identifiable Information is allowed via our contract. I am just trying to think of the best way to do this and how to overcome some of the challenges like, what happens when a user forgets their username or password?

Ideally it would be much nicer to use an email as their unique identifier but that is PII and isn’t allowed unfortunately. Has anyone else ever designed anything like this?

dopamino · 13 July 2017 15:36

hi @jhesidenz

what exactly PII means?

dougcollins · 13 July 2017 16:16

PII = personally identifiable information. These can be things like name, address, phone, social security number, driver’s license number, passport number, health insurance number, mother’s maiden name-- essentially anything that could be used to connect an account with an individual.

Here in the US, we have a myriad of laws about the use of PII in healthcare and financial apps, especially where there’s a risk of exposing protected information. In the long run it’s probably for the best, but it makes UX work in some cases particularly irksome.

jhesidenz · 13 July 2017 18:28

Thanks doug, that’s exactly what I mean! Any thoughts on the matter of how to structure the signup/login process would be appreciated.

dougcollins · 13 July 2017 20:01

The route I’d take if this were me would be to allow password resets with passphrases. Allow the user to pick any short (<50 character), easy-to-remember phrase. For instance, as a Denverite, I might pick Pat Bowlen’s famous exclamation after the Broncos won Super Bowl XXXII “This one’s for John!” My brother, who’s a big Tarantino fan, might pick “Zed’s dead, baby.”

A few steps to take if you go this route:

Be sure to instruct users these phrases should not be or contain PII
Strip out punctuation from the passphrase-- store plain text only. This will reduce errors resulting from punctuation.
Strip casing from the passphrase to eliminate errors from incorrect capitalization

###Benefits

High entropy makes this difficult for hackers to guess
People remember things they’re passionate about
No PII risks, so long as you specify not to include any PII in passphrase.

###Risks

Some people don’t remember these types of pieces of information well.
Slight variances in phrases can cause errors. “Zed’s dead” vs “Zed’s dead, baby.”

As a side note, there’s an argument to be made for using passphrases instead of passwords for logins, but that’s another story entirely. See https://www.google.com/search?q=passphrase+instead+of+password&ie=utf-8&oe=utf-8 for more info if you’re interested in that argument.

tylernectarux · 14 July 2017 23:20

Depending on the application,
your company may want to look into tools like 0auth and autho and allow people to sign in, in whatever way the user would prefer. Social media login or email or anonymously. Also you want that user data stored in a database to be referenced for communication with your users. The risk of having a user forget their info resulting in data loss would be detrimental. I would ask what the reasoning behind that requirement is and where that’s coming from to identify the root issue. That requirement they provided sounds like a solution for a deeper issue.
In any case, if they are really not allowed to give pii over, passphrase, security questions, image choice verification.

debvorndran · 8 November 2017 22:24

I like the pass phrase option.

Another possibility is “security questions”.

For example: What is your maternal grandmother’s maiden name?

Now that I think about this, the security questions are only good for password reset, not necessarily for forgotten user names.

You could allow them to guess at what their username is, and then see if they can answer the questions.

Maybe when they sign up, remind them to save their username in a safe place. Without an email address or any PII, it may not be possible to recover your account.

dougcollins · 8 November 2017 23:09

The problem with security questions is that they are inherently un-secure and rather easy to guess or research with minimal effort.

A note about the importance of remembering the username is vital. I may not tell them to “save it in a safe place,” but it would be critical to give the warning that if they don’t remember their username, it may not be possible to recover their account.

Put the fear of (the username) god in them!

debvorndran · 9 November 2017 03:14

It’s true that God only knows how many people know the last 4 digits of your SSN, your birthdate, and your mother’s maiden name.

However, if you let them make up their own questions, that is a much more secure approach.

You can suggest some ideas for good security questions, but tell them to make it personal

Think of a question that only you know the answer to.