How about using OpenID for authentication? You'll only have to remember your one password, and you can leave this tedious stuff up to your OpenID server. Most servers already have robust human-verification (CAPTCHA), and password recovery solutions (MyOpenID, Livejournal, Videntity).
Let me just toss in my two cents and say that I really don't like OpenID for primary authentication. It seems to make a lot more sense for secondary auth (like LiveJournal does, for instance). I really don't want to see a conversion to OpenID, but I'd support adding it as an option. Something like "Create your account or log in with an existing OpenID account"? I dunno. I don't know if that's what you were planning or not. What do other people think?
I support using OpenID. I actually brought this up on the development mailing list recently (Brian, you might want to join [0] if you are working on the website).
However, I agree with Ben that such an integration must be handled gracefully. I would propose, that when creating an account, a user can enter their OpenID in lieu of a password. Then, on the login page, a user would either enter a username and password, or, an OpenID (which would redirect to the open-id-server, do the authentication, and return to pdxruby.org).
Also, when a user edit's their account, they should be able to add/change their OpenID. This way, existing users can "switch" to OpenID authentication.
Using an implementation like this, we don't have to change any of the current infrastructure, it just provides a convenient alternative for those who already have an OpenID account.
[0] http://lists.pdxruby.org/mailman/listinfo/pdxruby-dev -- Caleb Phillips IT Specialist Small White Cube _______________________________________________ PDXRuby mailing list [email protected] IRC: #pdx.rb on irc.freenode.net http://lists.pdxruby.org/mailman/listinfo/pdxruby
