6

Many web sites ask users to enter their email address twice, sometimes taking the trouble to disable copy-pasting.

What is the logic behind this? Is this e.g. a security measure?

9000

5 Answers

28

It's just to try and ensure that you enter the correct address, without typos. Since email addresses are usually the primary contact information for websites, it's considered worth the extra effort to try and make sure it gets entered correctly.

It's sometimes called two-pass verification.

vaughandroid
  • 4
    This. The user identifier should be entered correctly or the system is inaccessible to said user (without at least the user doing some guesswork as to her/his error). Copy-paste defeats this layer of validation since any errors in the original will be repeated. – Peter Smith Jul 17 '12 at 16:55
  • 2
    Exactly right. You'll notice that the same technique is used when setting a new password and sometimes also when entering a long string of digits, such as a bank routing number or account number. – Caleb Jul 17 '12 at 17:07
  • 3
    The same logic would make every shopping page ask for the shipping address twice. After all, if you don't enter the correct address, you won't get your product. It was done for password fields because they are hidden with asterisks. Doing the same for email addresses just doesn't make sense. – Tom Jul 17 '12 at 18:59
  • But is not typing an email by hand more prone to errors than copy-pasting it from a well-known source, e.g. an email directed to me or a notes file? – 9000 Jul 17 '12 at 19:48
  • Everything that gets typed on a keyboard is prone to errors. If the user is concerned about errors, they should install form-filling software like Roboform or LastPass. IMHO, making a typo while entering your email address AND NOT CORRECTING IT YOURSELF is akin to misspelling your own name. – Tom Jul 18 '12 at 12:24
  • @Tom: Companies tend to behave selfishly! If a customer fills in their email address incorrectly, it's likely to cost them money - either by making work for support staff (e.g. hunting through a DB to figure out why a registration email wasn't sent) or from lost custom (customer never receives registration email, so goes elsewhere). Other details (e.g. addresses) can be changed relatively easily by the customer, *assuming the email address is correct.* – vaughandroid Jul 18 '12 at 15:22
  • @Baqueta: "Companies tend to behave selfishly." I agree. But no one would know that the delivery address is wrong until the product was delivered to the wrong address, or was returned as "undeliverable." That is just as "risky" and potentially costly as a typo. Websites should be easy to use, above all else. IMHO, requiring a user to do something twice - especially something that has extremely focused, unverifiable benefit - does not fall into the "easy to use" category. – Tom Jul 18 '12 at 15:32
  • 1
    @Tom **1.** You can perform some validation on addresses: check for valid country/state/Zip code/etc.; check credit card details match address (admittedly not in all cases). **2.** Most websites will attempt to match your address to one in a DB, and if it doesn't match they'll confirm it with you. **3.** Customers always get sent at least one confirmation email which will include the delivery address. **4.** If the customer gets the address wrong, it's provably their fault and the company isn't liable for losses. I could go on... – vaughandroid Jul 18 '12 at 15:49
  • @Baqueta: your points only confirm that requiring email addresses to be entered twice is unnecessary. There are other, more reliable, less annoying ways to do that. – Tom Jul 18 '12 at 16:55
  • 1
    @Tom: You can confirm that a given email address is a *valid* email address, but the only way to confirm it's *correct* is to send the user a confirmation email. If it's incorrect, you either lose the customer or have one of your support staff spend time hunting down the entry in the DB. If you know of other ways to confirm a given email address is *correct* I'd be interested to hear them... – vaughandroid Jul 18 '12 at 17:11
4

I suspect a lot of it is "Grandma's Cooking Secret" programming where the programmer does it because they saw someone else do it. It's following tradition without thinking.

There could be some logic originally behind it, such as users in 1996 not knowing that much about how to format email addresses. It could have been done then to avoid errors but then why not double every visible field? However, it probably isn't needed today and is an extra pain for mobile users.

Now, disabling copy/pasting and other tricks can be useful to prevent some automated spamming but they should be non-intrusive for the most part to normal users.

jfrankcarr
  • 4
    *...probably isn't needed today...* Are people suddenly less likely to make a mistake when entering an e-mail address or password? – Caleb Jul 17 '12 at 17:09
  • 8
    It's not needed at all because I can see what I typed. Unlike passwords that are hidden with asterisks. Just because the field is important does not mean it needs to be entered twice. You are inconveniencing the majority of your users just to protect a handful of idiots. – Tom Jul 17 '12 at 18:51
  • @Tom - Exactly. I've found it more and more inconvenient to deal with this kind of idiot proofing as I do more things from mobile platforms. – jfrankcarr Jul 19 '12 at 14:02
  • @Caleb - Yes, they are because the format of email addresses is common knowledge to most people today. When a double opt-in verification process is used, this will eliminate incorrect emails and most spamming. – jfrankcarr Jul 19 '12 at 14:05
  • Also, people are more likely to c&p now :) – Jack V. Jul 23 '12 at 08:52
  • 1
    -1. It's one of the simplest forms of catching email address typos. Much simpler than MX lookup or SMTP mailbox check or even a regex that catches common misspellings. Having worked with high volume systems this happens *all the time*, especially in Australia (I'm sure other countries too) where people type `@gmail.com.au` and `@hotmail.com.au` because of muscle memory of typing .au after .com. – Igor Zevaka Jul 24 '13 at 10:59
  • Also known as "cargo cult programming". – Rufflewind Aug 12 '14 at 01:56
2

It is just the old way of confirming the email address. In the old days, you had to enter the same email twice in order to verify it; in the new way, you have to click on a link inside the email to verify it. The new way is far better and makes the first one obsolete.

In this particular case, there is an extra emphasis on email just because it is a money-related site, which is obvious. Other than that, this method is not prevalent these days.

TheTechGuy
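The click-a-link confirmation described in the answer above, as an added example that is not part of the original post: the server emails a signed, expiring token and accepts the address only when that token comes back intact. `SECRET_KEY`, `TOKEN_TTL` and the function names are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import time

# Assumptions: constructed placeholder key; a real deployment loads its own secret.
SECRET_KEY = b"constructed-demo-key"
TOKEN_TTL = 24 * 3600  # seconds a confirmation link stays valid (assumed policy)


def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(payload):
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()


def make_token(email, now=None):
    """Bind the address as typed to an expiry time and sign both."""
    expires = int((time.time() if now is None else now) + TOKEN_TTL)
    payload = f"{expires}:{email}".encode()
    return f"{b64e(payload)}.{b64e(sign(payload))}"


def confirm_token(token, now=None):
    """Return the confirmed address, or None if forged, malformed or expired."""
    try:
        payload_part, sig_part = token.split(".")
        payload, sig = b64d(payload_part), b64d(sig_part)
        # Check the signature before trusting anything inside the payload.
        if not hmac.compare_digest(sig, sign(payload)):
            return None
        expires_text, email = payload.decode().split(":", 1)
        expires = int(expires_text)
    except (ValueError, UnicodeDecodeError):
        return None
    if (time.time() if now is None else now) > expires:
        return None
    return email
```

A mistyped address simply never returns its token, so the account stays unconfirmed instead of being tied to a mailbox the user cannot read.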
1

Short answer: It is done to prevent typos (mistakenly entering the email address)!

Without this check, a user may enter a wrong email address and never get the registration feedback email, because he has entered the wrong email address. In addition, this checking measure prevents mass spamming, with a CAPTCHA implementation in place.

Yusubov
  • 3
    How does it prevent mass spamming? I suppose that a robot fills form fields for a POST request not the way a human fills a web form. – 9000 Jul 17 '12 at 16:52
  • @9000, of course you need to have a CAPTCHA implementation in place, if an anonymous user can access the form: http://www.codeproject.com/Articles/5947/CAPTCHA-Image – Yusubov Jul 17 '12 at 17:01
  • better to mention that this can be easily done with more recent available tools. – Yusubov Jul 17 '12 at 17:04
0

I think it's simply because entering an email address is an error-prone activity. Making you type it twice makes you think about it.

I have no hard evidence for this.

DanDan