Simon Willison’s Weblog

Monday, 22nd September 2008

Accessibility Experiment. Joe Walker asks what would happen if we threw away the idea of serving the same accessible site to every user and instead tried building specific versions aimed at different disabilities.

# 9:29 am / accessibility, joe-walker

Yahoo could also have followed Gmail's lead, and disabled the security-question mechanism unless no logged-in user had accessed the account for five days. This clever trick prevents password "recovery" when there is evidence that somebody who knows the password is actively using the account.

Ed Felten

# 4:21 pm / security, forgottenpasswords, yahoo, webmail, gmail
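A sketch of the five-day rule described in the quote above, added here as an example; it is not Gmail's, Yahoo's or Ed Felten's code. The event kinds, class names and function name are assumptions, and the sample events are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Iterable, Optional

QUIET_PERIOD = timedelta(days=5)  # the five-day window from the quote
# Event kinds treated as proof of logged-in use (names are assumptions).
AUTHENTICATED_KINDS = {"password_login", "session_activity"}

@dataclass(frozen=True)
class Event:
    kind: str
    at: datetime  # timezone-aware UTC

@dataclass(frozen=True)
class Decision:
    allowed: bool
    available_at: Optional[datetime]  # when recovery opens, if blocked

def security_question_recovery(events: Iterable[Event], now: datetime) -> Decision:
    """Offer security-question recovery only when no logged-in use of the
    account falls inside QUIET_PERIOD before `now`."""
    # Failed logins and recovery attempts are ignored: they show no
    # knowledge of the password, so they must not move the window.
    last_auth = max(
        (e.at for e in events if e.kind in AUTHENTICATED_KINDS),
        default=None,
    )
    if last_auth is None:
        return Decision(True, None)  # no evidence of an active owner
    opens = last_auth + QUIET_PERIOD
    if now >= opens:
        return Decision(True, None)
    # Recent use, or a timestamp ahead of `now` (clock skew): fail closed.
    return Decision(False, opens)

# Constructed sample histories.
NOW = datetime(2008, 9, 22, 12, 0, tzinfo=timezone.utc)
ACTIVE = [Event("password_login", NOW - timedelta(days=2)),
          Event("failed_login", NOW - timedelta(hours=1))]
DORMANT = [Event("session_activity", NOW - timedelta(days=9)),
           Event("failed_login", NOW - timedelta(hours=1))]

if __name__ == "__main__":
    for name, history in (("active", ACTIVE), ("dormant", DORMANT)):
        print(name, security_question_recovery(history, NOW))
```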

Is your Rails application safe? (via) update_attributes(params[:foo]) in ActiveRecord is an anti-pattern.

# 8:28 pm / antipattern, activerecord, rails, security

Google’s Usability Research on Federated Login. Fascinating—suggests an approach to federated auth based on the Amazon.com “Yes, I have a password” login flow. Feels convoluted to me but apparently it tests really well against a mainstream audience. The more research shared around this stuff the better.

# 8:56 pm / google, usability, openid, login, amazon, authentication, federated