Captcha vs. Email confirmation vs. None


So we are a site that provides a free trial for our web-based service. We don't have any affiliate marketing that would pay based on leads or sign ups for the free trial.

Right now we just require an email, password, security question and captcha to complete the registration. I know the simpler the sign up, the better the conversions. Someone recently told me each field added can often drop conversions by 3 - 4%. So I would love to simplify and the only place to simplify any further is the captcha.

What are the real pros and cons of Captcha vs. email confirmation vs. not doing either? What actual experiences have you had?



asked Feb 12 '10 at 07:26
4,214 points
  • Thanks for answers below. The issue is what I can do immediately vs. what's going to take a little longer to implement. So I'm with everyone in terms of doing what we can to further simplify. – Chris 14 years ago

8 Answers


Stackoverflow had an interesting conversation about this email confirmation & captchas.

I think the gist of it can be summed up like this:

  • captchas help protect against automated signups
  • email confirmation helps protect against impersonation

I think though, the real question is - how to increase conversions.

Take a look at this article in A List Apart that talks about how signup forms must die. A bit harsh, but the core idea is to engage the prospect, capture as little info as possible, then automate the signup.

The fewer the fields the better - and the later in the process, the better.

Here is another article - smashing magazine - about web form design best practices.
(click to page 1 of the article - talks about the methodology and players)

To get to the specifics of your question, you could potentially simplify your signup to a single email field (password could be auto-generated, username could be added in profile) - if you believe that would make a difference.

[edit] Some may say, jeesh, it's just a simple field, why the bother? Take a look at this article from User Interface Engineering entitled "The $300 Million Button". Takeaway: people resist giving information away and abandon signups if presented at the wrong time. Usability testing can confirm this - there are crowdsourced service providers (, for example) that can provide valuable input for under $100 (I think $29 / user x 3).

My favorite line from the article - usability reviewer: "I'm not here to enter into a relationship. I just want to buy something."

answered Feb 12 '10 at 07:51
Jim Galley
9,952 points
  • +1 for killing signup forms. I'd say for Chris's service (, why even require them? Why not let visitors get straight to creating a template, then ask them for an e-mail address to save it / get the code / publish it. – Jay Neely 14 years ago


I would really think about making your app have zero signup and just have a "try it instantly" button that auto creates an anonymous account tracked with a cookie. On each page after that have a top of page div (like StackOverflow) that gives the user a reason and link to click through to create an account or click a survey about why they don't want to. Remove all obstacles for users to try your app for themselves.

answered Feb 13 '10 at 01:36
Doug Martin
123 points


+1 to jimg's answer, which I think is excellent.

"So I would love to simplify and the only place to simplify any further is the captcha."

How about removing that "security question" you have? IMHO these can often reduce security as the example of Sarah Palin's email hack illustrates.
answered Feb 12 '10 at 22:33
Jesper Mortensen
15,292 points


I would definitely try to simplify that sign-up page. Since it's a credit-card-free registration, why even ask for verification on email or password? If they mess it up they can sign up again. Also the trend these days seems to be to make the 2 sign-up fields with a larger font. You could add a passive verification email with additional marketing material etc.

Best of Luck,

answered Feb 12 '10 at 11:33
Doug G
446 points


Without email confirmation, anyone can sign up on a site with another person's email. When that person tries to sign up on the site too, the email will already be in use. The true email owner will need to ask for the password to be resent.

A good way to avoid email confirmations is providing OpenID and Facebook Connect login.

answered Aug 21 '12 at 23:02
Ed Pichler
201 points
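
The squatting problem described in the answer above, and how a confirmation link closes it, as an added example that is not part of the original answer: an address is only claimed once a signed, expiring token sent to that mailbox comes back. The class and function names, the key and the 24-hour lifetime are assumptions made for the illustration.

```python
import base64, hashlib, hmac, secrets

SECRET = b"constructed-demo-key"  # assumption: a real key comes from secret storage
TTL = 24 * 3600                   # assumption: confirmation links expire after 24 h

def sign(payload):
    return hmac.new(SECRET, payload, hashlib.sha256).digest()

def make_token(email, now):
    """Token binding the address to an expiry time and a random nonce."""
    payload = f"{email.lower()}|{int(now) + TTL}|{secrets.token_hex(8)}".encode()
    enc = base64.urlsafe_b64encode
    return enc(payload).decode() + "." + enc(sign(payload)).decode()

def verify_token(token, now):
    """Return the address the token confirms, or None if forged or expired."""
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
        if not hmac.compare_digest(sig, sign(payload)):
            return None
        email, expiry, _nonce = payload.decode().rsplit("|", 2)
        return email if now <= int(expiry) else None
    except ValueError:  # wrong shape, bad base64, bad UTF-8 or bad integer
        return None

class Accounts:
    def __init__(self):
        self.pending = {}    # token -> credential; several may name one address
        self.confirmed = {}  # email -> credential; only confirmation claims it

    def sign_up(self, email, credential, now):
        """Return the token to e-mail to `email`, or None if already claimed."""
        if email.lower() in self.confirmed:
            return None
        token = make_token(email, now)
        self.pending[token] = credential
        return token

    def confirm(self, token, now):
        email = verify_token(token, now)
        if email is None or token not in self.pending or email in self.confirmed:
            return False
        self.confirmed[email] = self.pending.pop(token)
        return True
```

The token is delivered only to the mailbox, never returned to the browser that submitted the form, so a sign-up made with someone else's address stays pending and does not lock the real owner out.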


Get rid of the captcha and see what happens. If it doesn't cause a problem leave it off.

answered Feb 13 '10 at 13:49
649 points


I'll add my perspective to the very good answers ahead of mine: For a "new" startup, if that can be a term, getting users/customers is paramount so a frictionless model of signing up is always a great idea. A colleague pointed me to sites like and others including this one, where they don't require the user to sign up but over time it becomes addictive and people may be persuaded to sign up. If it's interesting, users will sign up over time.

We've also added / are adding 3rd party sign up methods as well, such as FB connect and OpenID (still a mystery to a lot of people and poorly marketed). It may be useful to add Google, Yahoo, Twitter as well. In other words most people online already have one of these accounts so go where the people are.

As far as Captcha goes for a new startup, maybe hold off and just go in and delete the robot sign-ups till it becomes a nuisance and when the growth happens with a lot of activity on the site implement a good Captcha system. I say good because there are some that have images so obscure that it defeats vision challenged humans and the last thing you want is to aggravate the user base.

I hope I added something useful.

answered Feb 26 '10 at 17:00
Gary Valan
71 points


Email confirmation varies.
In the worst cases (still happens a lot) a plain text password is sent back to the user.

In the best practice that is nowadays standard, all it takes is to open your email and click on the link. And if no email arrives, resend the confirmation. Can't be easier really. Even with the slowest possible internet connection. So why would one ever want to avoid it in the first place? The benefits are obvious.

As for Captcha ... it gives some of the worst user experience. So use it with great caution at the risk of pissing off a lot of users. And don't forget users with disabilities. If Google gets away with lots of fed up users, it doesn't mean a small startup will. Also the benefits are far less obvious.

If you are really worried about robot sign-ups, there are ways to deal with them programmatically. E.g. block or delay too frequent requests from the same IP address. Or anything else "suspicious" if it really causes problems. Or, if you are afraid to lose users, react with Captcha when suspicious activity occurs.

More recently, another common technique of asking "security questions" became popular, but it has also received criticism as not very effective and a bad user experience.

answered Aug 24 '13 at 23:32
Dmitri Zaitsev
181 points
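
The "react with Captcha when suspicious activity occurs" idea from the answer above, as an added example that is not part of the original answer: a per-IP sliding window that lets normal sign-ups through untouched, asks for a captcha once an address gets busy, and refuses only when it keeps hammering. The class name, window length and thresholds are assumptions; the IP addresses and timestamps in any test data are constructed.

```python
from collections import defaultdict, deque

WINDOW = 600        # assumption: consider the last 10 minutes of attempts
CAPTCHA_AFTER = 3   # assumption: the 4th attempt in the window needs a captcha
BLOCK_AFTER = 10    # assumption: past 10 attempts in the window, refuse outright

class SignupThrottle:
    def __init__(self):
        self.attempts = defaultdict(deque)  # ip -> timestamps of recent attempts

    def decide(self, ip, now, captcha_passed=False):
        """Record one sign-up attempt and return 'allow', 'captcha' or 'block'."""
        recent = self.attempts[ip]
        # Drop attempts that have aged out of the window.
        while recent and recent[0] <= now - WINDOW:
            recent.popleft()
        # Every attempt counts, including refused ones, so a client that keeps
        # retrying stays throttled until it actually slows down.
        recent.append(now)
        count = len(recent)
        if count > BLOCK_AFTER:
            return "block"
        # Step up to a captcha before blocking: many real users can share one
        # address (office NAT, mobile carrier), so the first response to a busy
        # IP is a challenge a human can pass, not a refusal.
        if count > CAPTCHA_AFTER and not captcha_passed:
            return "captcha"
        return "allow"

    def forget_idle(self, now):
        """Free memory for addresses with no attempts left in the window."""
        for ip in [ip for ip, q in self.attempts.items()
                   if not q or q[-1] <= now - WINDOW]:
            del self.attempts[ip]
```

With these settings a visitor signing up once never sees a captcha, which keeps the form as short as the other answers recommend.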
