[nycphp-talk] Relax your password rules
Bill Patterson
bill.patterson1 at comcast.net
Mon Jun 9 17:10:11 EDT 2014
I was once scammed by a site proporting to be using my facebook account
and requiring my facebook user name and password. I thought I'd smell
those situations by now but missed that one until my sister noticed some
things originating from my facebook account that weren't like anything
I'd send. Caveat user.
On 6/9/2014 11:02 AM, Chris Snyder wrote:
>
> More and more people just use "I forgot my password", and deal
> with it that way. Either you've exchanged the password for a
> security question, or just access to a user's email.
>
>
>
> For casual access, it's okay to just skip the password field
> altogether and use a token sent to email or sms as an authenticator.
> If you're building something that a user is only going to log into
> once a month or less, it may be less annoying to them to do an email
> roundtrip then it is to create yet another password.
>
> At the other end of the spectrum, I preach the gospel of the password
> manager to anyone who will listen.
>
> On a side note, I get annoyed at services that want to use Facebook or
> some other social network to log me in, because I don't necessarily
> want my account on one site to be linked to my account on another. As
> a user in that situation, I have to think about a whole raft of other
> issues: is this *really* Facebook's form, does the site get access to
> my timeline and friends, does Facebook have access to my account on
> this site, will my Facebook password still be on the clipboard after I
> log in, etc.
>
>
> _______________________________________________
> New York PHP User Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/show-participation
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20140609/a287e138/attachment.html>
More information about the talk
mailing list