Managing Logins for a Members-only Web Site

Posted on March 25, 2005 by David

How to manage member access to member-only areas of an association’s web site is a common question posted to the ASAE Technology listserv. Since I’ve answered it a few times I thought I would go ahead and post my stock reply here to save some typing in the future. 🙂

Many associations, when they first create a member-only area of their web site, have used a member’s ID number and last name to control access. However, that same information is usually listed on mailing labels and membership cards. This method is very easy to set up, administer and communicate to members. However, having that info on mailing labels is definitely a security risk. The size of the risk really depends upon what they can do with the account once they login. If it’s just to view content (usually the case for early efforts), the risk is relatively low. If it can include e-commerce transactions or editing the members’ data in your association management system (what most associations want to add or expand upon now), then the risk is pretty high. Either way, I think it is smart to move to something more secure.

When I came to ASHA in 2000 we were using the same account number/last name scheme for access and that info was and is on every mailing label and membership card. We then implemented a username/password system that allowed the user to create their own login name and password. Over time, we found many members had problems remembering the login name they had created for themselves. A few years later we migrated to using their e-mail address as their login name which has dramatically reduced support calls for lost user names (many of our members call us instead of using the account help tools on the site). Based on our own experience, I would recommend going with e-mail as the login name. That seems to be the emerging standard around the web for many major sites out there (Amazon being the most notable).

Some gotchas to look out for when using e-mail as the username:

Each member must provide a unique e-mail address. Sometimes this is an issue when a spouse shares the same account and is also a member.
You should provide instructions on free services that members without an e-mail address can use to get one (there are still some people without e-mail addresses!). This is also useful in the spouse shared address situation.
Clearly state how the address will be used by the association when the members supplies it to ease privacy/spam concerns on the part of the member
Consider your response to members who refuse to supply you with an e-mail address but want access to the member-only content and services (I have encountered this a few times).
Members should be able to change their e-mail address at any time without having to re-register with the site. In technical terms, test for e-mail uniqueness but don’t use it as the primary key for the record.

Finally, you will need to associate the login with their account number in some way. You might ask for their member ID number at the time they register or associate the login with their account later through some other process. I strongly suggest automating the process as much as possible while still preventing the same ID number from being associated with more than one login.

Hopefully the above info will help you get a jump start on the design (or redesign) of your web site login system.

IE About to Be Standardized?

Posted on March 21, 2005 by David

Just read over on Eric Meyer’s blog that IE development team at Microsoft may be planning on increasing standards support in the browser. Halleluja. Eric offers his thoughts on what they should address first.

The Commons Just Get More Tragic

Posted on March 20, 2005 by David

I’ve been fighting off a link spammer in my wiki this weekend, up to and including banning IP addresses, all of which has been circumvented. So, I’ve decided I have invested enough time in that activity and have taken down the wiki. I still have all the data and will work on republishing it here in some form that won’t get hijacked.

Google Code

Posted on March 20, 2005 by David

Google has released a number of open source code projects developed by their staff: Google Code. A lot of it is pretty esoteric. One that caught my eye was PyGoogle, a python module that can be used to call the Google search API. We use a search engine at work that uses Python, so in theory we could use the PyGoogle library to incorporate google search results with our own. Nifty.

ODEO

Posted on March 18, 2005 by David

The Make blog has the scoop on the new ODEO podcasting service being created by the founder of Blogger. Sounds pretty good, especially on making the recording of a podcast much easier to do.

CiteULike

Posted on March 13, 2005 by David

CiteULike:

CiteULike is a free service to help academics to share, store, and organise the academic papers they are reading. When you see a paper on the web that interests you, you can click one button and have it added to your personal library. CiteULike automatically extracts the citation details, so there’s no need to type them in yourself.

This is delicious for scholarly research. Looks pretty interesting and a great way to conduct collaborative research on like topics. Spotted via David Weinberger.

ACCA Conference & Indoor Air Expo

Posted on March 10, 2005 by David

ACCA has launched a conference blog for their annual meeting: ACCA Conference & Indoor Air Expo. Feel the fire! (That’s the theme of the conference.)

Kevin Holland continues to explore how blogging can be used by his organization. It’s been a lot of fun to watch.

Wikipedia List of CMSs

Posted on March 6, 2005 by David

Here is a Wikipedia page that lists both open/free and proprietary content management systems.

Association Weblog Roundup

Posted on March 6, 2005 by David

There seems to be more and more blogging by association executives and consultants lately. Here is a round up of the ones I’m aware of and remain active. Feel free to chime in on the comments if I’ve missed any.

Kevin Holland, Blogging for Associations
Kevin, a communications director at a trade association, started this blog for a conference session but has kept at it since then. Kevin has written some interesting stuff about how associations can be impacted by social networking software and services.

Jeff De Cagna, The Association Innovation Blog and Associations Unorthodox
Jeff has been blogging for quite a while about associations and innovation, with a particular focus lately on what associations should learn from some of the most innovative ideas and companies out there. He recently got into podcasting and started Associations Unorthodox to host his podcast recordings. I used to tease Jeff about his audio posts, describing myself as a text traditionalist, but I have finally jumped on the podcasting bandwagon as a listener. I catch on eventually, Jeff! 🙂

Jeffrey Cufaude
Jeffrey is a leadership consultant for associations. Quite honestly, I’m not all that familiar with what he writes about since he doesn’t have an RSS feed. Love to read you, Jeffrey, if you had a feed I could subscribe to!

Ben Martin, Passing the CAE Exam
Ben began this blog last year to share his experiences as he studied for the Certified Association Executive designation exam. He is still keeping at it even though he got his CAE earlier this year. Lots of good stuff on here for prospective and current CAEs. Ben is also the very first association blogger to flame another association blogger in a substantive way. At least it’s the first I’m aware of. Good discussion in the comments of that post.

Sue Pelletier, face2face
Sue writes about the meetings industry, which is a big part of most association operations. She is an editor at a meetings trade publication. Sue is probably the highest volume writer in the whole group and covers a wide range of material.

Cecilia Sepp, Association Puzzle
Cecilia is a new association blogger who just got rolling with hers this year. Cecilia is a consultant and writer for associations.

Rich Westerfield, Trade Show Marketing Report
Rich is another consultant in the meetings industry, focusing on trade shows. Lots of good stuff on marketing meetings lately. Rich has also generously offered to Pimp Your Trade Show.

George Breeden, Technoprophet
George is an IT director at an association in DC. He posts lots of useful IT tips and information that are specifically relevant for associations.

Mystery CEO, View from a Corner Office
This blog is written by an association CEO in the Chicago area somewhere. She remains anonymous so she can write without, uh, getting in trouble with her board I suppose. While I think the her writing would be more authentic if she weren’t anonymous (can you be anonymously authentic?) I do think the blog gives an interesting view into the outlook of a top exec.

Update
Adding one more blog here that I just learned about.

Amy Smith, Association eLearning
A new blog by Amy Smith of Amy Smith Consulting. Amy specializes in elearning for associations.

Hiring: Community and Intranet Manager

Posted on February 22, 2005 by David

Ever wanted to manage a staff intranet and a member community for a large membership organization in Rockville, MD? Have I got an opportunity for you! 🙂

The Community and Intranet Manager works on our Community and Knowledge Management team along with myself and Brenda, our Knowledge Manager. I think it is a wonderful position, in that you get to play (er, work) with a lot of fun technology, partner with some of the best web staff in the association world, and facilitate our member and staff communities.

Follow the link above for details on the job (including starting salary range) and how to apply.

C. David Gammel, CAE

Helping associations pursue goals that matter.

Author Archives: David