NYPHP.org

[nycphp-talk] Relax your password rules

Chris Snyder chsnyder at gmail.com
Mon Jun 9 11:02:18 EDT 2014


> More and more people just use "I forgot my password", and deal with it
> that way. Either you've exchanged the password for a security question, or
> just access to a user's email.

For casual access, it's okay to just skip the password field altogether and
use a token sent to email or sms as an authenticator. If you're building
something that a user is only going to log into once a month or less, it
may be less annoying to them to do an email roundtrip than it is to create
yet another password.

At the other end of the spectrum, I preach the gospel of the password
manager to anyone who will listen.

On a side note, I get annoyed at services that want to use Facebook or some
other social network to log me in, because I don't necessarily want my
account on one site to be linked to my account on another. As a user in
that situation, I have to think about a whole raft of other issues: is this
*really* Facebook's form, does the site get access to my timeline and
friends, does Facebook have access to my account on this site, will my
Facebook password still be on the clipboard after I log in, etc.
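
The e-mail round trip described above, sketched in PHP as an added example that is not part of the original post. The function names, the 15-minute lifetime and the in-memory `$store` array (standing in for a database table) are assumptions made for illustration.

```php
<?php
// Added example: single-use, expiring e-mail login token.
const TOKEN_TTL = 900; // assumption: token is valid for 15 minutes

/** Issue a token for $email; returns the raw token to embed in the e-mailed link. */
function issueLoginToken(array &$store, string $email, int $now): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG, hex-encoded
    // Keep only a hash server-side, so a leaked table cannot be replayed as logins.
    $store[hash('sha256', $token)] = [
        'email'   => $email,
        'expires' => $now + TOKEN_TTL,
    ];
    return $token;
}

/** Redeem a token; returns the e-mail address it authenticates, or null if invalid. */
function redeemLoginToken(array &$store, string $token, int $now): ?string
{
    $key = hash('sha256', $token);
    if (!isset($store[$key])) {
        return null; // unknown token, or one that was already redeemed
    }
    $row = $store[$key];
    unset($store[$key]); // single use: consumed on first presentation, even if expired
    return $now <= $row['expires'] ? $row['email'] : null;
}

// Constructed demo data: a fixed clock value and an example.com address.
$store = [];
$now   = 1402326138;

$token = issueLoginToken($store, 'user@example.com', $now);
var_dump(redeemLoginToken($store, $token, $now + 60));  // first use inside the window
var_dump(redeemLoginToken($store, $token, $now + 120)); // same token presented again

$late = issueLoginToken($store, 'user@example.com', $now);
var_dump(redeemLoginToken($store, $late, $now + TOKEN_TTL + 1)); // presented after expiry

var_dump(redeemLoginToken($store, str_repeat('0', 64), $now));   // token that was never issued
```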