Remove the password in registration forms.

Engagement and participation are vital to most online properties. Lowering the barrier to entry breeds early loyalty and allows user continuity. Using Email Registration, Logintoboggan and this module you can reduce the registration form to ONLY email address (and whatever profile fields you create). A random password will be set when registering. You'll need to alter welcome emails and craft messaging for this process. Hide that piece of complexity from first time users.


Turns out this is super similar to Generate Password

Since that has more installs you should check that out.


Installation...

  1. Install/enable the module. (sites/all/contrib/registration_toboggan)
  2. Visit the Logintoboggan settings page.
    • D6: admin/user/logintoboggan
    • D7: configure/system/logintoboggan
  3. Check "Auto-generate password" to remove password(s) from registration forms.
    • You MUST setup a pre-authorized role beyond Authenticated User, read more below...

Presumed Also Using Modules...

  • Logintoboggan Powers a pre-authorized role prior to email validation, email login and various other registration/login improvements. This is a dependency.
  • Email Registration Allows removing usernames from the registration form.

Related Modules...

Security Notes...

Ease of use/participation is often a trade-off with spam and security. With less input required an account can be created and login accomplished with less effort. If permissions assigned to such a user are too high, this is a problem. Examples include: dangerous input formats, use of tokens, file uploads, etc.

Additionally the type of site, account, and personal content needs to be appropriate for such low barrier participation. To use Registration Toboggan you are required to setup a pre-authorized roles within Logintoboggan to keep users with no password set and an un-verified email separate from normal users. Permissions associated with this role of user also must be super low pre-verification. Example: posting comments, editing profile info, flagging favorite items, creating unpublished content. Captchas may still want to be used with this type of user. Bad permissions would include: messaging/friending/bothering other users, editing existing content, posting publicly, etc.

This module should never be used to grant editor/admin roles, just as no site should give administrative permissions/roles without human moderation or a tool like Register Pre-approved.

This module lets you push ease of joining right up to the edge of security. It still maintains a path of acceptable use without stopping a user from using your site.

Project information

Releases