> > More and more people just use "I forgot my password", and deal with it >> that way. Either you've exchanged the password for a security question, or >> just access to a user's email. >> > > For casual access, it's okay to just skip the password field altogether and use a token sent to email or sms as an authenticator. If you're building something that a user is only going to log into once a month or less, it may be less annoying to them to do an email roundtrip then it is to create yet another password.
At the other end of the spectrum, I preach the gospel of the password manager to anyone who will listen. On a side note, I get annoyed at services that want to use Facebook or some other social network to log me in, because I don't necessarily want my account on one site to be linked to my account on another. As a user in that situation, I have to think about a whole raft of other issues: is this *really* Facebook's form, does the site get access to my timeline and friends, does Facebook have access to my account on this site, will my Facebook password still be on the clipboard after I log in, etc.
_______________________________________________ New York PHP User Group Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk http://www.nyphp.org/show-participation
