some method for us to attach preentered data about that user who has not yet accepted the invitation.

That's easy enough; on these cards, give folks a short "Invite Code", and a standard URL for account creation -- this is one less chunk of initial info than the "username + password + URL" you have, as well as slightly more secure -- your commentary does not explain how you intend to defend against someone other than the user getting their hands on someone's card.

The "Invite Codes" act as one-time pads for creating that initial acct., and passing the data on -- this is similar to the "two forms of authentication" methods that recent legislation asks banks and other financial institutions to implement for Internet-based activities. Having the one-time pad also means that, if your database is hacked, at least the preexisting data is NOT tied to specific people and logins.

Your comments seem to underline security, yet because you have a guessable scheme, a kid with a half-day off from work could suss out the overall scheme, and start a dictionary attack to guess usernames and passwords. This is unwise; note that most high-security areas do not pre-generate userids or passwords, and this is one of the reasons.

Reference the other comments about forgetting usernames and passwords for that, as well, so be ready for most of your Internet-unsavvy users writing the information down on Post-It notes. As someone who did Tech support for years, I 2nd, 3rd, and 4th that the harder it is to remember these things, the more they are written down, and the harder it becomes to secure your environment.

Overall, I think your emphasis on "ease of use" does not factor in real world conditions. If your service is "good enough", people will be happy to deal with a simple login and registration process. Building real trust and interest, in my experience, comes not from making logins that any script kiddie can suss out, but from building a solid foundation where people feel comfortable with the program in question. AOL tactics worked for AOL, but the millions of floppies, CDs and DVDs with AOL software, and their declining share of the market, say something as well. I strongly suspect you'll spend better money on an infrastructure that's easy to use _and_ secure, over mass, or even semi-targeted, mailings.

----Asim, known to some as Woodrow.


In reply to Re^3: Autogenerating usernames by Asim
in thread Autogenerating usernames by EvanCarroll
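
The invite-code scheme from the post above, sketched as an added example (not code from the thread or its participants): a random single-use code is printed on the card, the server keeps only a keyed hash of it next to the pre-entered data, and the user picks their own username and password after redeeming. `InviteStore`, the 12-character length, the alphabet and the server-side HMAC key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed alphabet: digits and letters without I, L, O, U, so a code
# survives being read off a printed card and typed in by hand.
ALPHABET = "0123456789ABCDEFGHJKMNPQRSTVWXYZ"
CODE_LEN = 12  # 12 symbols * 5 bits = 60 random bits (assumed length)


def normalize(code: str) -> str:
    """Undo common transcription slips: case, spaces, dashes, O/0, I/L/1."""
    code = code.upper().replace("-", "").replace(" ", "")
    return code.translate(str.maketrans("OIL", "011"))


class InviteStore:
    """Hypothetical in-memory stand-in for an invitations table."""

    def __init__(self, server_key: bytes):
        self._key = server_key  # kept outside the database (assumption)
        self._pending = {}      # HMAC(code) -> pre-entered data

    def _tag(self, code: str) -> str:
        msg = normalize(code).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, preentered: dict) -> str:
        """Create a code for the card; only its keyed hash is stored."""
        code = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LEN))
        self._pending[self._tag(code)] = preentered
        return "-".join(code[i:i + 4] for i in range(0, CODE_LEN, 4))

    def redeem(self, code: str):
        """Return the pre-entered data once; later attempts get None."""
        return self._pending.pop(self._tag(code), None)


if __name__ == "__main__":
    store = InviteStore(secrets.token_bytes(32))
    card = store.issue({"name": "Constructed Example"})  # constructed data
    print("printed on card:", card)
    print("first redeem:", store.redeem(card.lower()))
    print("second redeem:", store.redeem(card))
```
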
