
Still asking attendees to create an account before they can register for your event? Stop it!

10 June 2025

Andrew Green
Technical Director
AttendZen

Oh, how I adore being forced to create, remember, forget, then reset an endless stream of passwords every day of my life – just so I can order some coffee capsules, or pay a bill, or … register for an event.

I especially love being forced to do this in cases where I fully expect never to have to visit that particular website again.

And, as I waste my time setting up another pointless account for something or other, I’m forced to smile as I reflect on the fact that the password I repeatedly reuse is, itself, about as secure as a role in the Trump White House.

I joke, of course. Password managers are a godsend.

But nonetheless, I massively resent web sites that make me create an account just to buy something. You probably hate it too, and so do the attendees who want to register for your events.

All of which got me to wondering why so many registration platforms work like this, when it’s totally unnecessary and all it does is annoy people at the precise point when they’re trying to give you their money?

I get that event organisers need to verify my identity so they can do things like let me change my registration or pre-fill my details if I’m a repeat customer. But there are far smoother, less annoying, more secure, and frankly better ways to do all this.

It’s time to ditch the ‘create an account’ workflow in your registration flow and embrace passwordless authentication.

And that’s what we’re looking at in this post.

Why accounts suck

People dislike having to create an account for several reasons.

They may not plan to return to the site again. If they’re making a one-time registration for a specific purpose, why should they have to create an account?

They may dislike account sign-up in general, frustrated with having to remember usernames and passwords for all the sites they visit. Some customers don’t want a site to save personal information about them and they assume that if they create an account, the information will be saved.

Many users associate creating an account with more unwanted email (often for good reason).

But most of all, setting up an account involves extra steps, extra hassle, and extra potential for things going wrong (whether user errors or site errors) and stopping the registration dead.

The higher the interaction cost, the fewer people will complete a process. This is true for any user interface steps, but in the case of event registration, there’s a particularly direct connection between user hassle and lost sales.

Image of prompts for requirements for an acceptable password

Why static passwords suck

The cornerstone of the account workflow is that the customer creates a password for themselves – and it’s this password that allows you to recognise them in future, and lets them authenticate to your site if they need to update their details.

Nothing wrong with that, right?

Wrong! Turns out, people find passwords incredibly annoying.

According to research from security firm Beyond Identity, nearly 40% of Americans experience a high level of password fatigue and 82% have reused passwords across multiple accounts. Gen Z users report the highest levels of stress from having to remember passwords for numerous different accounts.

Also, static passwords (passwords you set yourself and then leave) are not very secure.

Static passwords are susceptible to brute force attacks, where hackers systematically try different combinations until they find the right one.

They’re also key to phishing attacks (where hackers impersonate legitimate entities to trick users into revealing their passwords), and credential stuffing exploits.

Be honest. Do you reuse the same password across multiple accounts? We should all use password managers, but most people don’t – and this increases the risk that a compromised account can lead to a chain reaction of breaches. If one password is stolen or compromised, it can then be used to access other accounts that use the same password.

People also share passwords, write them down and set hopelessly weak passwords like: ‘password’ or ‘hunter2’.

Image of a password field with 123456 entered


And this is especially true for something as ephemeral as registering for an event. Even people who may register for many of your events over time are wildly unlikely to register more than once for this event right now. What’s more, by the time they do come back to register for another event, they’ll have almost certainly forgotten their password and need you to send them a password reset email.

All in all, accounts and passwords for transactions like event registration are as annoying as they are unsafe.

Thankfully, there’s a better way

And that way is passwordless authentication.

Passwordless technologies get you all the security you need without the hassle of remembering – and ultimately re-setting – static passwords.

There are plenty of reasons why you might need to authenticate a registrant when they visit your event web site, but the two most common are:

  • You want to let customers log back in to update / amend their registration details; and
  • You want to pre-fill registration fields for returning customers using data from your CRM.

Let’s take a look at how to handle each of these registration flows using two passwordless methods: magic links, and OTP (one-time passwords).

Magic links

A magic link is a passwordless login method where users receive a unique, tokenised link via email to authenticate and access a service. Instead of entering a password, the user simply clicks the link, which logs them in automatically.

This is how AttendZen handles things like allowing attendees to update their registration information.

Say you’re going to allow registrants a certain amount of time, post-registration, to update their details, or decide which sessions they plan to attend.

You would simply include a button in the confirmation email saying something like: ‘Amend my registration’. The button would be a magic link which would take the registrant directly into the registration form. The system verifies the embedded token, authenticates the user, and sets everything up for them to update any fields you allow.

When they click save, they’ll receive an automatic email confirming their changes, and containing a fresh magic link in case they need to edit their details again.
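The magic-link flow described above, as an added Python sketch (not AttendZen's code): the token is an HMAC-signed payload bound to one registration, an expiry and a version counter. The secret, the 14-day edit window, the `events.example` URL and the rule that saving bumps the version (so the previous link stops working once a fresh one is sent) are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # assumption: server-side secret, kept in a vault in practice
EDIT_WINDOW = 14 * 24 * 3600       # assumption: registrants may amend for 14 days


def _sign(payload: bytes) -> str:
    mac = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=").decode()


def issue_link(reg_id: str, version: int, now: float) -> str:
    """Build the URL behind the 'Amend my registration' button."""
    expires = int(now) + EDIT_WINDOW
    payload = f"{reg_id}.{version}.{expires}"   # reg_id must not contain '.'
    return f"https://events.example/amend?t={payload}.{_sign(payload.encode())}"


def verify_token(token: str, current_version: dict, now: float):
    """Return the registration id, or None if the token is forged, expired or superseded."""
    payload, _, sig = token.rpartition(".")
    # Check the MAC over the raw payload first, in constant time, before parsing anything.
    if not hmac.compare_digest(sig.encode(), _sign(payload.encode()).encode()):
        return None
    reg_id, version, expires = payload.split(".")   # format is trusted after the MAC check
    if now > int(expires):
        return None                                  # edit window has closed
    if current_version.get(reg_id) != int(version):
        return None                                  # a fresher link has replaced this one
    return reg_id
```

When the registrant saves, the server increments the stored version and calls `issue_link` again for the confirmation email.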

Image of login failure dialogue box

OTP

A one-time password (OTP) is a temporary, unique code used for authentication, valid for only one login or transaction.

Let’s say you want to recognise returning customers (people who have registered for one of your events before) so you can automatically pre-fill their details on your registration form.

Maybe you want to do this because it will save the customer time and effort – not having to re-type their details again.

Maybe you want to offer preferential treatment to repeat registrants.

Or maybe you’ve already cleaned their data up in your CRM (fixing common input issues like block capitals, spelling mistakes, variations on company names etc) and you want to preserve this formatting and avoid untidy duplications on your system.

Here’s how we would do it.

When a registrant enters an email address at the top of a registration form, the system can be set to check whether or not that email address is already linked to an existing customer in your CRM. The validation happens instantly, as soon as the user leaves the email input field.

If the email address is already in your CRM, a message will appear to the effect of: ‘It looks like we already know you! Please enter the 6 digit passcode we just sent to [email address] and we’ll bring up your details’.

The system then sends an automated message to John Smith containing a unique 6 digit OTP. He types or copies that code into the field and voila! His personal information is pre-filled from your CRM record. No more messy input data and ghost records.

It takes seconds and is effortless compared with typing a static password or initiating a password reset. Because the six digit OTP code is randomly generated, time-limited and only useable once, it’s also more secure.
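An added Python sketch of the three properties named above (randomly generated, time-limited, usable once); it is not AttendZen's implementation. The 10-minute lifetime, the in-memory store and the cap on wrong guesses are assumptions; the cap is included because a six-digit code has only a million possible values.

```python
import hashlib
import hmac
import secrets

OTP_TTL = 600       # assumption: code is valid for 10 minutes
MAX_ATTEMPTS = 5    # assumption: wrong guesses allowed before the code is burned

_pending = {}       # email -> pending code record; stand-in for a real server-side store


def _digest(email: str, code: str) -> bytes:
    # Store a digest rather than the code itself, bound to the email it was sent to.
    return hashlib.sha256(f"{email}:{code}".encode()).digest()


def issue_otp(email: str, now: float) -> str:
    """Create a fresh 6-digit code; any earlier code for this email is replaced."""
    code = f"{secrets.randbelow(10**6):06d}"    # CSPRNG, zero-padded to six digits
    _pending[email] = {"digest": _digest(email, code),
                       "expires": now + OTP_TTL,
                       "attempts": 0}
    return code     # goes to the mailer only, never back to the browser


def verify_otp(email: str, code: str, now: float) -> bool:
    entry = _pending.get(email)
    if entry is None:
        return False
    if now > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
        del _pending[email]                     # expired or guessed too often
        return False
    entry["attempts"] += 1
    if hmac.compare_digest(entry["digest"], _digest(email, code)):
        del _pending[email]                     # single use: consume on success
        return True
    return False
```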

But what if it’s a group booking?

Well, providing the booking email entered at the start of the registration is successfully validated, we would then pre-fill attendee details based on any further existing customer email addresses entered by the booker – providing those people are already associated in the CRM with the same company as the booker’s validated email address.

So, a single booker can register multiple colleagues from the same organisation, without the hassle of having the individual attendees required to personally validate their own email address every time they get added to a group booking.

This maintains a level of privacy in that (a) the booker will need to verify their own email before having access to any autocompleted data; (b) the booker is only able to see autocompleted data for other people already known to be colleagues at the same organisation; and (c) they’ll only see autocompleted data for fields you explicitly map to a person’s CRM profile.
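The three conditions (a) to (c) expressed as one server-side check, in an added Python sketch that is not AttendZen's code. The CRM records, field names and the set of session-verified emails are constructed for illustration.

```python
# Constructed sample CRM records keyed by lower-cased email.
CRM = {
    "jo@acme.example":    {"company": "Acme Ltd", "first_name": "Jo", "last_name": "Park",
                           "job_title": "Buyer", "mobile": "+44 7700 900001"},
    "sam@acme.example":   {"company": "Acme Ltd", "first_name": "Sam", "last_name": "Okoye",
                           "job_title": "Analyst", "mobile": "+44 7700 900002"},
    "lee@globex.example": {"company": "Globex", "first_name": "Lee", "last_name": "Marsh",
                           "job_title": "Director", "mobile": "+44 7700 900003"},
}

# (c) Only the fields the organiser has explicitly mapped may ever be returned.
MAPPED_FIELDS = ("first_name", "last_name", "job_title")


def prefill_attendee(verified_emails: set, booker_email: str, attendee_email: str) -> dict:
    """Return the pre-fill data the booker may see for one attendee, or {}."""
    booker_email = booker_email.strip().lower()
    attendee_email = attendee_email.strip().lower()

    # (a) The booker must have validated their own email in this session.
    if booker_email not in verified_emails:
        return {}

    booker = CRM.get(booker_email)
    attendee = CRM.get(attendee_email)

    # (b) The attendee must already be a known colleague at the booker's company.
    # Unknown attendees and attendees at another company get the same empty
    # result, so the response does not reveal who is in the CRM.
    if booker is None or attendee is None or attendee["company"] != booker["company"]:
        return {}

    return {field: attendee[field] for field in MAPPED_FIELDS if field in attendee}
```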

Passwordless authentication is the future

So there you have it.

People don’t like being made to set up an account just to buy something or register for your event. Passwords suck, they waste time, cause friction and they’re not even that secure.

It’s 2025 and most of the B2C services your attendees use will have already embraced smoother, more effortless workflows like passwordless authentication.

Isn’t it time you matched that user experience when they sign up for your events?