Ali B. wrote: > +1 for removing logging in by email. Usernames are more secure. As appealing > as logging in by email may seem,creating a privately known username making > it twice as heard to guess the login information. >
Is there any evidence to back up this assertation? It only holds true if you use A) a unique unique username, or that every site you use that username on offers the option of having a different display name and B) the same e-mail address for each site. In my case, I tend to use the same username, but different e-mail addresses for different sites. Therefore, in my case at least, removing the option to login by username and _only_ allowing login by e-mail would be more secure. As I've advocated before, I think instead of us making assumptions about how users want to interact with the software, we should, when we have the opportunity take the option that gives the most flexibility. Keep the core simple and open, and allow customization via plugin. -- Sean -- To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/habari-dev
