Hello fellow bakers,

I've just baked a simple web-app, http://WhenDidYouLast.com, where I implemented a proof of concept I had been thinking about for a while - a passwordless, seamless registration, where you don't have to register and don't have to remember your password: just enter your email, check your inbox for the authorizing link and voila, you are logged in.
Now I'd like to ask the advice of the community. Do you see any security pitfalls in the idea? Is it not convenient? Or lame in any way? :)

Personally, when I register at the next web-app, I catch myself thinking about why they wouldn't let me in this simple way and not make me think of a password, save it somewhere etc., and just have me visit my inbox. Unless it is my bank account, of course, or a larger scale app. And most web-apps allow me to reset my password with my email anyway. A couple of websites I am registered at send me an auto-login link when I get a new PM, but still require me to remember the password if I'm just visiting.

So as far as we're talking about a web-app where I don't need any personal information about you as a user, recognizing and authorizing by email looks like something worth going with. Though I can imagine a user concerned about not sharing his email who would choose to register an account with login and password if it allows him to skip entering email. What do you think?

The app is baked with Cake 1.3 rc1, Authsome (aptly named, so to speak!) and Blueprint. Quite simple, I'll be adding some features later :)