Login workflow for an occasionally used service
I'm creating an online service for companies to manage registration for annual events. Event attendees will need some way to login to the system to manage their booking, payment, special requests, etc. I expect attendees to login frequently close to the event date and completely forget about the service as soon as the event is over. That means I need to design a login workflow that accomplishes two seemingly conflicting goals
Provides a smooth and easy login experience close to the event date. Normally I would use a user/pass, "remember me" option, or federated ID for this.
Is easy to recover in the coming year when the user probably remembers almost nothing about the account. They may not know which e-mail address or password they used, they may have changed companies and not have access to an old e-mail, they may have a new computer, new IPs, etc.
Cross posted on information security: https://security.stackexchange.com/q/180003/13907