Hi folks,

Does anyone know where I could find a list of best practices around login security? I'm looking for an overview of the most common techniques and how they relate to both security and user experience -- pros and cons.

For instance, I'd like information on:

- CAPTCHAs
- Site Keys (photographs uploaded by users and shown when they visit the site so they know they are on the genuine site and haven't been phished)
- Enforcing strong passwords (vs. showing a password strength indicator but not enforcing it)
- Hint questions and when they're useful vs. not useful (though the thread http://www.ixda.org/discuss.php?post=31190 had a great discussion about this)
- Emailing lost passwords to users

My current client is trying to address some security issues, but the particular approaches they've chosen seem somewhat flawed to me. It would be great to find a balanced analysis of the options, plus a list of recent innovations in this field.

Thanks very much!

Meredith

________________________________________________________________
Welcome to the Interaction Design Association (IxDA)!
To post to this list ....... [EMAIL PROTECTED]
Unsubscribe ................ http://www.ixda.org/unsubscribe
List Guidelines ............ http://www.ixda.org/guidelines
List Help .................. http://www.ixda.org/help
