views:

113

answers:

6

Consider a new website in development where it requires the users to register for a service.

Lots of sites require a confirm by email and by having the user enter captchas. What's the usage of both these devices?

If a site has a captcha verification, does it still need an email confirmation?

+8  A: 

The captcha tells you that a real person registered, as opposed to a "bot".

The confirmation email tells you that the user entered a real, legit email address that they have control over.

Depending on your needs you may need one or both of these.

Seth Petry-Johnson
+1  A: 

I would think that emails have to be confirmed (i.e. entered again) in order to confirm that it was entered correctly and there are no typos. The captcha is just to make sure you're a real person rather than automation.

If by email confirmation you mean that you validate that the email is in the correct format and actually exists, that would be used to ensure that you have a valid way of reaching the user.

froadie
+3  A: 

You may want to protect your users from themselves, if they put in a wrong email and then after some time forget their password maybe they will be unable to recover their account.

Alberto Zaccagni
+1  A: 

I'd say yes, because you can never be too secure. It's just a way to really confirm that the registered user is really a human. Although CAPTCHA's are an efficient way to handle artificial registrations, email confirmation is a technique that assures that precisely the owner of the email is the one that registers. This is for situations where someone uses someone elses email to register at a site.

brozo
+1  A: 

The captcha is used to make sure the user is human.

And the email confirmation is used to ensure they own the email address.

You don't necessarily need both of these steps. They're seen most on sites that get a lot of traffic, and potentially a lot of spam. So the decision should be made based on the nature of your site.

For example, it's common to see public online forums require both of these because there's incentive for rogue advertisers to spam your site by posting automated comments. And these two mechanisms are somewhat substantial roadblocks to prevent that. By contrast, there's really no incentive for similar organizations to spam a site that is private in nature.

Steve Wortham
+1  A: 

Captcha verifies that you are a human.

Confirmation email verifies that you (the human) has access to a legitimate email address.

jinsungy