David Latapie wrote: > 2009/12/10 eighty4 <[email protected]>: >> Since I'm the one starting this thread I decide that we'll be voting >> +/- for option number two. I.e. +1 is voting for removing email as a >> login option. >> >> The usual voting rules... If someone figures out a third solution I >> guess we'll have to revote. > > -1 > > Emai-as-login is a growing trend that I consider useful. >
I'd like to suggest another option that puts the burden on us, as the Habari development community rather than the user: Change the user creation system so that if a person attempts to create an account using an e-mail already in the DB they are presented with a dialog that says something along the lines of "An account with that e-mail address already exists. If you wish to create another user with the same e-mail address, the new user will not be able to login using the e-mail address. Do you wish to continue?" This allows the user to: A) Decide they're okay with only logging in via username B) Use a different e-mail address C) Realize they've already established an account on the site and login rather than creating a new user. In response to Owen's comment, it might be wise to add an option (perhaps via a plugin) to disable login-by-email for those that are concerned about that potential attack vector. For me, my username is likely easier to determine than my e-mail address so it's not a significant concern for me. -- Sean T. Evans -- To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/habari-dev
