I was once scammed by a site purporting to be using my Facebook account and requiring my Facebook user name and password. I thought I'd smell those situations by now but missed that one until my sister noticed some things originating from my Facebook account that weren't like anything I'd send. Caveat user.

On 6/9/2014 11:02 AM, Chris Snyder wrote:

        More and more people just use "I forgot my password", and deal
        with it that way. Either you've exchanged the password for a
        security question, or just access to a user's email.



For casual access, it's okay to just skip the password field altogether and use a token sent to email or sms as an authenticator. If you're building something that a user is only going to log into once a month or less, it may be less annoying to them to do an email roundtrip than it is to create yet another password.

At the other end of the spectrum, I preach the gospel of the password manager to anyone who will listen.

On a side note, I get annoyed at services that want to use Facebook or some other social network to log me in, because I don't necessarily want my account on one site to be linked to my account on another. As a user in that situation, I have to think about a whole raft of other issues: is this *really* Facebook's form, does the site get access to my timeline and friends, does Facebook have access to my account on this site, will my Facebook password still be on the clipboard after I log in, etc.


_______________________________________________
New York PHP User Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

http://www.nyphp.org/show-participation
