Managing Logins for a Members-only Web Site

How to manage member access to member-only areas of an association’s web site is a common question posted to the ASAE Technology listserv. Since I’ve answered it a few times I thought I would go ahead and post my stock reply here to save some typing in the future. 🙂

Many associations, when they first create a member-only area of their web site, have used a member’s ID number and last name to control access. However, that same information is usually listed on mailing labels and membership cards. This method is very easy to set up, administer and communicate to members. However, having that info on mailing labels is definitely a security risk. The size of the risk really depends upon what they can do with the account once they login. If it’s just to view content (usually the case for early efforts), the risk is relatively low. If it can include e-commerce transactions or editing the members’ data in your association management system (what most associations want to add or expand upon now), then the risk is pretty high. Either way, I think it is smart to move to something more secure.

When I came to ASHA in 2000 we were using the same account number/last name scheme for access and that info was and is on every mailing label and membership card. We then implemented a username/password system that allowed the user to create their own login name and password. Over time, we found many members had problems remembering the login name they had created for themselves. A few years later we migrated to using their e-mail address as their login name which has dramatically reduced support calls for lost user names (many of our members call us instead of using the account help tools on the site). Based on our own experience, I would recommend going with e-mail as the login name. That seems to be the emerging standard around the web for many major sites out there (Amazon being the most notable).

Some gotchas to look out for when using e-mail as the username:

  • Each member must provide a unique e-mail address. Sometimes this is an issue when a spouse shares the same account and is also a member.
  • You should provide instructions on free services that members without an e-mail address can use to get one (there are still some people without e-mail addresses!). This is also useful in the spouse shared address situation.
  • Clearly state how the address will be used by the association when the members supplies it to ease privacy/spam concerns on the part of the member
  • Consider your response to members who refuse to supply you with an e-mail address but want access to the member-only content and services (I have encountered this a few times).
  • Members should be able to change their e-mail address at any time without having to re-register with the site. In technical terms, test for e-mail uniqueness but don’t use it as the primary key for the record.

Finally, you will need to associate the login with their account number in some way. You might ask for their member ID number at the time they register or associate the login with their account later through some other process. I strongly suggest automating the process as much as possible while still preventing the same ID number from being associated with more than one login.

Hopefully the above info will help you get a jump start on the design (or redesign) of your web site login system.

Hiring: Community and Intranet Manager

Ever wanted to manage a staff intranet and a member community for a large membership organization in Rockville, MD? Have I got an opportunity for you! 🙂

The Community and Intranet Manager works on our Community and Knowledge Management team along with myself and Brenda, our Knowledge Manager. I think it is a wonderful position, in that you get to play (er, work) with a lot of fun technology, partner with some of the best web staff in the association world, and facilitate our member and staff communities.

Follow the link above for details on the job (including starting salary range) and how to apply.

Hosted Drupal Service

Gunnar Langemark has pointed out a new company that provides a hosted Drupal service: Bryght From the site:

Bryght is our Drupal hosted service that enables anyone – from individuals to businesses and organizations – to easily build and maintain a dynamic website with an online community.

I’ve used Drupal for a couple small project groups. It is a great collaborative tool if you can keep everything html based (document management tends to be a bit weak). This service should make it feasible for a much wider array of people to easily take advantage of Drupal.

Event Blogging

Dan Bricklin’s essay on the dynamics of event blogging, based on his experience at the Democratic National Convention, provide some useful thoughts for the bloggers who may cover the ASAE meeting:

What we learn from the Convention blogging:

Event blogging is different than normal, daily blogging. In normal blogging, you watch the world go by and pick and choose things you want to comment upon. There is material online to point to and react to. There are ideas that well up and you take the time to write about, but few people may be waiting for them. There are many, many bloggers. Some read other blogs and choose the posts they think others should read. Through popular gateway blogs like some of the well known political blogs, and tools like Blogdex, Daypop, and more, things bubble to the top.

Events are another thing entirely. The time is very condensed and the amount of information is concentrated. If you are “covering” the event, you have to look at it all and provide perspective to a reader who doesn’t see all of the context that you do. The event marches on and won’t stop for you to take time for thinking and writing. Picking and choosing is harder — if you stop to blog, you might miss the keystone piece of what’s going on.

Good stuff. I know I usually have a hard time just keeping up with voice- and e-mail while at a meeting like this, let alone trying to write something coherent.

Sports Virtual Communities

If you follow virtual community news, you may want to check out the May 16, 2003 issue of Sports Illustrated which has an article about the impact of sports community sites on the lives of coaches and atheletes. The article interprets that impact as largely negative. “Caught in the Net”, p46. Unfortunately SI doesn’t post their print articles online as far as I can tell.

AOL Rediscovers the User

New Software (and Bosses) at AOL is a great article on the NYT web site today. It discusses how the revamped leadership of the company is moving back to being user-centric in their approach to business as opposed to investor-centric. Here is a snippet about their plans to reduce pop-up ads:

The worst fears of Mr. Leonsis and his colleagues became evident late last year as AOL’s monthly surveys found member satisfaction starting to dip. Mr. Leonsis formed a task force to look at why members were canceling their service. It zeroed in on pop-up advertisements, a longtime feature and to many a longtime annoyance. As revenue began to fall last year, AOL had increased the frequency of pop-ups, and members began to complain louder than usual.

A study showed that when the number of pop-up ads was cut in half for a group of members, their satisfaction improved notably. That led not only to a cutback in the number of pop-ups across the service, but was, according to Mr. Leonsis, the catalyst for a revolution within AOL.

The article also indicates they are trying to refocus on the supporting the community of AOL users. Sounds like they are coming back to reality.

Self-herding Cats

From Michael Helfrich’s weblog: Technology Confined Collaboration?

Collaboration is about people. Collaboration needs technology frameworks that support adaptive, ad hoc interactions. Adaptive from the sense of extending functionality on the fly and securely embracing new members on the fly. Simply put, it’s the swarming culture fused with adaptive technology.

Good article from a Groove VP. It reminds me of the famous commercial for a consulting firm that featured cowboys herding thousands of cats across the plains. The joke there is that cats are independent minded beings and are not very receptive to centralized herding control. The other joke is that the consulting firm claimed they could do the herding for you.

Decentralized collaborative software such as Groove and weblogs allow knowledge worker cats to do their own herding. They really won’t be herded any other way.