My SaaS startup is considering implementing a new sign-up procedure, but we're worried about security and false accounts.
The problem is that there is a delay between sign up and use, which is definitley a leak in our funnel.
Proposed New Method
We get a lot of spam from our contact form and free trial form now. Is there any increased risk of the new method vs. the old method? Does anyone have experience transitioning from one to the other?
How come a captcha and an email with activation link don't work anymore? I suggest these 2 things - they are a de-facto standard, used by virtually all major sites.
I understand the desire to block auto signup spam, but what type of security risk are you concerned about that wouldn't be there already with a captcha solution? Sure, the user isn't validated - but i don't believe that your solution would have the same problem as a forum looking to minimize viagra spam postings would.
There was a good conversation about this topic - captcha vs email conversation vs none which may be of use.
Is there a way to allow people to experience the product without signing up? Then after entering in information they have to create an account to save it? I don't know if this is a valid approach for your offering, but it does work with some companies - once you've entered in some info to see how it works, you are more compelled to create an account to save your work.
Once could incorporate some form robot anti-spam techniques like bad behaviour to minimize your exposure, then integrate a manual validation process via mechanical turk to keep the list scrubbed.
You definitely need to automate this process. You should be able to find several libraries for using a confirmation email process to activate the account. This is very common, automated and pretty reliable. Captcha is another option that can be used in addition to the email confirmation.