OJR article on user registration

Written by Adrian Holovaty on June 28, 2002

Online Journalism Review has posted a new article about the recent trend of requiring user registration to access news Web sites. Some culprits: The NYT, LA Times, and my hometown favorite, the Trib.

The article, written by J.D. Lasica (who publishes an excellent online-news-focused blog), explains the basic pros and cons of user registration and gives case studies of a few newspaper chains that do it.

The most interesting part was the article's last page, which raised concerns over privacy and personal data -- issues that have bugged me for quite some time. Why should I give the LA Times my income level? (I'm not the only person who's asked.) There seems to be a movement, if you want to call it that, to give bogus information to these things; count me in. I have long been a proponent of listing "1929" as my birth year and "hair care" as my occupation whenever prompted to enter such data. In most cases, there's no incentive for me to give sites valid information.

I'd like to point out something the article didn't mention: the potential for severe password security breaches. Since more and more news sites are requiring registration, users need to juggle more and more user names and passwords. Naturally, people don't want to have to remember 10 different passwords for 10 different news sites -- not to mention any other password-protected technologies in their lives, like e-mail -- so it's convenient to use the same password everywhere. (I'll admit it -- I've done this. And many people I know do the same.)

See where I'm headed with this? If someone is asked to choose a username/password and enter an e-mail address in a user-registration process (e.g. the New York Times'), what are the chances that the person's password for this site and his/her e-mail account password are the same? I'd bet it's very likely. ("Oh, they're asking me to choose a password. I'll just use the same one I always use...")

The result? The New York Times gets a database of e-mail addresses and passwords that very well might be the passwords to those same e-mail addresses. Kind of scary, and worth thinking about.
