This isn't a problem for me, but I see a steady trickle of people who are confused because they logged in, and their purchases weren't there, etc.
And it's pretty much always that they logged in with a different Oauth provider and created a second account.
I'm aware this is inherent in the system; once DDB decided to do account creation through OAuth, this was gonna happen, but it seems like it's too easy, and you don't do enough to prevent it happening.
Off the top of my head, I can think of two suggestions:
If there are DDB cookies on the browser, put big warnings in account creation that they are creating a new account, and that if they already have an account, it's on one of the other login methods.
On account creation, push people hard to link up their other authentication methods. This also helps protect people from losing their account if the account they're using to authenticate goes away (which I've also seen a few times, with school gmails), and that's probably how this should be pushed.
Will it stop the problem? No. Will it help? I'd think so, but I'm well outside the norm on understanding this stuff.
Rollback Post to RevisionRollBack
To post a comment, please login or register a new account.
This isn't a problem for me, but I see a steady trickle of people who are confused because they logged in, and their purchases weren't there, etc.
And it's pretty much always that they logged in with a different Oauth provider and created a second account.
I'm aware this is inherent in the system; once DDB decided to do account creation through OAuth, this was gonna happen, but it seems like it's too easy, and you don't do enough to prevent it happening.
Off the top of my head, I can think of two suggestions:
If there are DDB cookies on the browser, put big warnings in account creation that they are creating a new account, and that if they already have an account, it's on one of the other login methods.
On account creation, push people hard to link up their other authentication methods. This also helps protect people from losing their account if the account they're using to authenticate goes away (which I've also seen a few times, with school gmails), and that's probably how this should be pushed.
Will it stop the problem? No. Will it help? I'd think so, but I'm well outside the norm on understanding this stuff.