Your verification code is 0Oo1|lLjirnm5S

SMS support has become commonplace for web applications. The usual set-up procedure is…

  1. User provides their phone number
  2. SMS is sent to phone
  3. User proves they own the phone by inputting data from the SMS.

Paul has previously talked about how we deal with international phone codes in Exceptional, and how you can use this in your own Rails applications. Step 2 is another potential pain point for users. Programmers have a tendency to think “Verification codes? Excellent, we’ll generate a random string of at least 8 characters”. A few calls to Kernel.rand later and voila, you have your user typing in characters that they're reading off their phone. And they get it wrong. Often.

Don’t use random codes! Especially ones using characters that all look so similar. Obviously the code I used in the title is an edge case, but bear in mind it takes only one ambiguous letter to annoy a user. Believe me, a lot of phones suck at displaying our test word: 0Oo1|lLjirnm5S

So we use real words, straight from the dictionary. When you register your phone with Exceptional, you’ll get a codeword. Just a random word pulled from the dictionary. Result? No one has entered the wrong codeword yet. It just works.

[Image: SMS from Exceptional, with the code word "nerve" clearly visible]
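A sketch of the dictionary-codeword approach described above, as an added example that is not Exceptional's own code. The word lists, the `PhoneVerification` class and the attempt and expiry limits are all assumptions; the word is drawn with `SecureRandom` rather than `Kernel.rand`, and because a word list is far smaller than the space of random strings, guesses are capped and the code expires.

```ruby
require "securerandom"
require "openssl"

# Constructed sample word list (an assumption; a real deployment would load a
# larger, human-vetted list of short, unambiguous words).
WORDS = %w[nerve candle harbor meadow pencil rocket saddle timber violin walnut].freeze

# Constructed list of words that read badly after "Your verification code is".
AWKWARD = %w[broken missing gone boring coming late].freeze

# Hypothetical helper holding one pending phone verification.
class PhoneVerification
  MAX_ATTEMPTS = 3    # assumed limit; a small word list is cheap to guess
  TTL_SECONDS  = 600  # assumed expiry window

  attr_reader :codeword

  def initialize(words: WORDS, now: Time.now)
    pool = words - AWKWARD
    raise ArgumentError, "word list is empty after vetting" if pool.empty?
    # SecureRandom instead of Kernel.rand, so the pick is not predictable.
    @codeword = pool[SecureRandom.random_number(pool.size)]
    @expires_at = now + TTL_SECONDS
    @attempts = 0
  end

  # True only for a matching word, within the attempt and time limits.
  def verify(input, now: Time.now)
    return false if now > @expires_at || @attempts >= MAX_ATTEMPTS
    @attempts += 1
    # Forgive case, whitespace and quote marks copied from the SMS.
    guess = input.to_s.delete(%q("')).strip.downcase
    OpenSSL.secure_compare(guess, @codeword)
  end
end
```
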

3 Responses to “Your verification code is 0Oo1|lLjirnm5S”

  1. Robin Blandford Says:

    I hope you've vetted those words?

    "Your Exceptional mobile phone verification code is [ broken | missing | gone | boring | coming | late ]" lol!

    I've seen a regex string somewhere to check for chars that look similar on a mobile screen too.

  2. Eoghan McCabe Says:

    Heh. Good point. :-) The next release has the codeword in inverted commas, so that will help.

  3. John Sutherland Says:

    I'm loving the idea of using a real word as the verification code. You might find Douglas Crockford's base32 useful too:

    http://www.crockford.com/wrmg/base32.html
