OK, changed mockups to show this approach - no CAPTCHA required for 'check availability' unless max_tries has been exceeded.
http://wiki.eclipse.org/Qt_Selector_Account_UI -----Original Message----- From: Alexander Yuhimenko [mailto:[email protected]] Sent: Tuesday, October 27, 2009 9:07 AM To: Higgins (Trust Framework) Project developer discussions Cc: Tom Carroll Subject: Re: [higgins-dev] UI Mockups for Authentication Service 1.1 Hello, On Tue, 27 Oct 2009 05:43:36 -0700 Tom Carroll <[email protected]> wrote: > >> But i think we have to use captcha with case #1 for "Check > >> Availability" and "Confirm Email & Continue". > > Do we need to protect the "Check Availability" with a CAPTCHA, or just the > "Confirm & Continue" transaction? If the former, then I think we need to > break out CAPTCHA/Check Available into its own page. If the latter, then > maybe we put it all into the one page. I'd like to ask captcha for "Check Availability" every time, but it may irritate users. I guess, we may support "Check Availability" without captcha just few first times if server returns http status code 302 (user already exists), for example ask captcha each 3rd request. > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Alexander Yuhimenko > Sent: Monday, October 26, 2009 8:57 AM > To: Higgins (Trust Framework) Project developer discussions > Subject: Re: [higgins-dev] UI Mockups for Authentication Service 1.1 > > Thanks Tom, > > But i think we have to use captcha with case #1 for "Check Availability" > and "Confirm Email & Continue". > > Email is only one of possible ways (channel) to obtain one-time > authentication code, but i couldn't find UI for using sms or something else. > > I believe we don't have to store passphrase on server, do we? > > -- > thanks, > Alexander Yuhimenko > > ... > _______________________________________________ > higgins-dev mailing list > [email protected] > https://dev.eclipse.org/mailman/listinfo/higgins-dev > -- thanks, Alexander Yuhimenko _______________________________________________ higgins-dev mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/higgins-dev
