- Be secured with https
- Be comprised of two fields, forcing the user to type the email address twice.
- Be able to perform at least a cursory validation, though the validation will not reject VALID email addresses, such as those with symbols like . or +.
- A "security" question.
- A validation code number (or any string) that you displayed to the user on their browser page after the user submitted their email address on the web form.
- The user's chosen password, providing that you make certain that you never email the password to the user for any reason. (Since you're NOT storing the password in plain text this is not possible anyway, right?)
- Any piece of identifying information that is kept private.
At this point, you can go back to Step 4 of the Validation process above.