I share the same feeling about too demanding password rules: "Your password must contain a capital letter, a number, an emoji, 8 elements from the periodic table and a plot containing a protagonist with some character development and a twist ending." But I couldn't suggest making passwords less restrictive, and that's because too often people use the same password with just a small variation.

A safer and easier solution is to offer OAuth with Google, Facebook or Twitter. I personally prefer to use my social accounts to log in everywhere because they're safe (thanks, 2-step auth!) and I don't have to use OnePassword or any mental trick to remember all my passwords.

So my suggestion is to implement a secure password policy and, on top of that, implement OAuth.

On Mon, Jun 9, 2014 at 11:07 AM, Pierpaolo D'Aimmo <dai...@gmail.com> wrote:

> I had issues with FB authentication when trying to log in from a mobile.
> Last time it happened it was with Grooveshark. I created the account with
> a FB login from a desktop, then tried to log in on mobile and it was
> impossible, since their mobile interface doesn't use FB login.
>
> Pierpaolo D'Aimmo
> +1 201 892 1270
> dai...@gmail.com
>
> On Mon, Jun 9, 2014 at 11:02 AM, Chris Snyder <chsny...@gmail.com> wrote:
>
>>>> More and more people just use "I forgot my password", and deal with it
>>>> that way. Either you've exchanged the password for a security question, or
>>>> just access to a user's email.
>>
>> For casual access, it's okay to just skip the password field altogether
>> and use a token sent to email or sms as an authenticator. If you're
>> building something that a user is only going to log into once a month or
>> less, it may be less annoying to them to do an email roundtrip than it is
>> to create yet another password.
>>
>> At the other end of the spectrum, I preach the gospel of the password
>> manager to anyone who will listen.
>>
>> On a side note, I get annoyed at services that want to use Facebook or
>> some other social network to log me in, because I don't necessarily want my
>> account on one site to be linked to my account on another. As a user in
>> that situation, I have to think about a whole raft of other issues: is this
>> *really* Facebook's form, does the site get access to my timeline and
>> friends, does Facebook have access to my account on this site, will my
>> Facebook password still be on the clipboard after I log in, etc.
>>
>> _______________________________________________
>> New York PHP User Group Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> http://www.nyphp.org/show-participation