> I can't see how you can avoid making the experience for the duplicate user exactly the same as a new user.
The workflow diverges at the email verification step, before you grant any access to the site. Existing users get an email informing them that someone has tried to sign up a second time using their email address while new users get the standard email verification email.
I highly recommend not allowing account creation before email address verification. I have a difficult to spell last name, so I have one email address that contains my initials and a common word instead of my last name. You'd be surprised the number of people who don't know their own email address and the number of sites that allow people to sign up (and apparently transact significantly) without verifying email addresses. Off the top of my head, if I wanted to, I could steal one person's tax accounting account (I got confirmation that they filed their state taxes this year, and later confirmation their state accepted their filing), another person's car rental account, and a third person's business's trash service account. From time to time the one person tries to reset their car rental account password. I imagine I could reset the passwords for all of these accounts (and others) and get the last 4 digits of their credit card numbers and other personal information and use that as a starting point for gaining access to other accounts they own. In the case of the tax account, I could probably re-download the tax paperwork and get their SSN. Neither the tax accounting company nor the car rental agency replied when I informed them that accounts were set up with the wrong email addresses. (I also get business quotes from time to time. Hopefully some day I'll get email from a business or person who knows the person who keeps trying to reset their car rental account.)
If you have enough users who forget they already have an account and your signup process makes them get too far before verifying their email address, consider moving email verification earlier in your workflow.
> I can't see how you can avoid making the experience for the duplicate user exactly the same as a new user.
The workflow diverges at the email verification step, before you grant any access to the site. Existing users get an email informing them that someone has tried to sign up a second time using their email address while new users get the standard email verification email.
I highly recommend not allowing account creation before email address verification. I have a difficult to spell last name, so I have one email address that contains my initials and a common word instead of my last name. You'd be surprised the number of people who don't know their own email address and the number of sites that allow people to sign up (and apparently transact significantly) without verifying email addresses. Off the top of my head, if I wanted to, I could steal one person's tax accounting account (I got confirmation that they filed their state taxes this year, and later confirmation their state accepted their filing), another person's car rental account, and a third person's business's trash service account. From time to time the one person tries to reset their car rental account password. I imagine I could reset the passwords for all of these accounts (and others) and get the last 4 digits of their credit card numbers and other personal information and use that as a starting point for gaining access to other accounts they own. In the case of the tax account, I could probably re-download the tax paperwork and get their SSN. Neither the tax accounting company nor the car rental agency replied when I informed them that accounts were set up with the wrong email addresses. (I also get business quotes from time to time. Hopefully some day I'll get email from a business or person who knows the person who keeps trying to reset their car rental account.)
If you have enough users who forget they already have an account and your signup process makes them get too far before verifying their email address, consider moving email verification earlier in your workflow.