[orthecreedence]

Some feedback: the signup process is difficult. I signed up, 32-char password, but it doesn't have a special character, so I had to regen. Ok fine, whatever. Then a captcha. At least it's not one of the ones that shows a new picture each time you click so you're endlessly clicking buses or manhole covers for 45 seconds. But I get captcha, whatever.

Ok, so I sign up, and now I have to confirm my email. But...it's not a link I can just click, it's a code. So I switch back to the postbag tab, log in again, and it asks me for the code. I switch to email tab, copy the code, switch back to the postbag tab, put in the code. All a bit obstuse, but ok whatever...I'm done, right?

Nope, now I have to log in again after my account is verified.

That said, this looks really interesting and I'm excited to try it out. Thanks for posting!

[systematical]

Agreed, I didn't use a capitalized letter on the password and the sign up failed. The error window appears outside of my viewport so I kept clicking the button and almost bounced.

I would generally do a page refresh on signup/error, that would avoid this as I'd know something happened rather than clicking submit 10 times. But that style of web development is no longer cool, so...

- I would smooth scroll the user up to where the error box is.

- A red border around the input that failed.

[sanjasarin]

Hi all, I'm one of the makers of Postbag. I just saw this thread. We agree with your comments about a bit convulted signup flow. Users already pointed that out to us and we will fix it next week. Thanks for using Postbag :)

[chrismorgan]

You’ll be glad to know that Password1! passed muster.

In other words, if you didn’t already know it, this site is enforcing terrible security practice, and not trying to filter out known-bad passwords. (zxcvbn would laugh at you for trying that. Basically every site that deals with setting passwords should use it.)

The reason it’s terrible security practice is that literally most people will just capitalise the first letter, or add a one, or add an exclamation mark, so it adds roughly no security while making people use passwords that they can’t remember, so they store them insecurely, &c. Sure, people should use password managers and all that, but they don’t.

[Spacemolte]

I agree, too many steps. I already logged in, why do i have to type my email again?