Re: [IxDA] Retype password field error rates

12 Nov 2010 - 6:31am
David Otton

On 11 November 2010 22:30, Dana Chisnell wrote:

> on pattern because IT says there must be a log on. There are other ways to
> make users' data secure besides having them create usernames and passwords.
> In many cases, the data might be more secure if it is properly encrypted
> on a server rather than relying on end-users to use strong authentication.


I can see piggybacking off email or IM authentication credentials (login-link via email) working, but that's really just outsourcing the username/password bit, not replacing it.

Client-side certs are fantastic, but I'd never try to implement them for regular users.

I'd be really interested if you could outline some of the other authentication patterns that are available. Are you thinking of replacing something-you-know with something-you-have?


12 Nov 2010 - 11:55am
Dana Chisnell

The question I'm hoping people will ask is, for account management, is a password necessary? Take Instapaper, for example. You can set up an "account" with your email address, but you don't have to supply a password. They've made a judgement that they're not going to collect personally identifying information, and they've realized that they don't need to make the user "secure" a bunch of links to publicly available content.

Outsourcing the authentication, as you call it, to Facebook, Twitter, Google, or using OpenID, makes it easier for the *user* - since we know that people use the same username and password, anyway. Then it's a question of which entity your company and the users trust. That's why many sites, like offer all those options.

