8 More Design Mistakes with Account Sign-in (via) Second of a two-part series by Jared Spool. I agree with all of them, with the possible exception of #15, which advocates providing a non-email password recovery solution. Security “questions” are usually dreadfully insecure, and they introduce the need to lock users out of their accounts after just a few tries.
I don't entirely agree with #13 as he wrote it in the headline. Allowing username phishing by explaining when the username does or doesn't exist is not cool. However, he recovers lost ground slightly with the first example, which is a bit more subtle (almost too subtle).
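An added example (not from the post, the comment above, or Spool's article) of the #13 concern from the defender's side: the first handler reveals through its error message whether a username exists, while the second returns one uniform message and does the same hashing work on both failure paths, so neither the wording nor the response time distinguishes an unknown username from a wrong password. The usernames, passwords and in-memory user table are constructed for the example.

```python
import hashlib
import hmac
import os
import secrets


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; the iteration count is kept modest for the demo.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed in-memory user store: username -> (salt, password hash).
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash_password("correct horse", _SALT))}

# Dummy credential so the unknown-user path performs the same PBKDF2 work.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash_password(secrets.token_hex(16), _DUMMY_SALT)


def login_leaky(username: str, password: str) -> str:
    """The pattern the comment objects to: the message itself states whether
    the username exists, and the unknown-user path skips the hashing, so
    both the text and the timing let a caller tell valid accounts apart."""
    if username not in USERS:
        return "No account with that username"
    salt, stored = USERS[username]
    if not hmac.compare_digest(_hash_password(password, salt), stored):
        return "Incorrect password"
    return "OK"


def login_uniform(username: str, password: str) -> str:
    """One message for both failure cases; the password is hashed against a
    dummy credential when the user is unknown, so the two failures look the
    same to the caller by message and by response time."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    ok = hmac.compare_digest(_hash_password(password, salt), stored)
    # The second condition guards against the (practically impossible) case
    # of a guess matching the random dummy hash for a non-existent user.
    if ok and username in USERS:
        return "OK"
    return "Invalid username or password"
```

The uniform handler still needs a per-account lockout or rate limit, as the post notes; it only removes the enumeration channel, not the guessing risk.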