Simon Willison’s Weblog

4 items tagged “accounts”

2010

Fixing the Google Account problem. 3,000+ words explaining how to open a Google Doc invitation sent to an e-mail address that isn’t associated with your Google account. Worth reading just to get an idea for the enormous complexity involved in running a large scale identity system and designing an interface for managing aliases and multiple profiles. Google haven’t got it right yet—has anyone else? # 25th January 2010, 11:21 am

2009

“Recover my account” link on the login page. For the record, collecting and verifying e-mail addresses is a VERY good idea, even (especially?) if you accept OpenID. A verified e-mail address is still absolutely the best way to deal with lost passwords or “my OpenID isn’t working”. # 16th February 2009, 10:22 pm

2007

Designing for a security breach

User account breaches are inevitable. We should take that into account when designing our applications.

[... 545 words]

hasAccount. Stuart proposes a light-weight API for letting any site know if a user has an account (and is signed in) on another service. I wouldn’t want to deploy this without being confident that my CSRF protection was in order. # 28th September 2007, 9:10 am