Emil S. wrote in post #1116325: > The user actually "uses" the email ID and can remember it . I can never > remember my "usernames" , usually. Also "forgot password" becomes easy > with > email ID's . But then again, to each, his own.
Yes "forgot password" is easy that way. It's also easy for the hacker who hijacks the email account used to sign into the site. Not only does the owner of the email account lose access to their email itself, but to any web site that user accesses using their email address as their login. Worse yet, it's highly likely there's information available in their email that gives the hacker good clues as to what online services they actually use. Convenience is the enemy of security. The trick is to understand the risks in order to find the right balance. Ideally multi-factor authentication should be used for any sensitive online service, which is certainly not convenient, but is vital to protecting online identity. As for remembering login information, that's what password managers are for. I myself have well over 100 logins stored in my password manager each one with unique auto-generated passwords. With such a tool I only have to remember (and protect) a single password. Any conveniences employed by online services do nothing for me besides reduce the level of security of that given service. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscr...@googlegroups.com. To post to this group, send email to rubyonrails-talk@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/86ccfaf942fdc8d0a5fdd8fedb188cef%40ruby-forum.com. For more options, visit https://groups.google.com/groups/opt_out.