On 06/09/2014 11:02 AM, Chris Snyder wrote:

        More and more people just use "I forgot my password", and deal
        with it that way. Either you've exchanged the password for a
        security question, or just access to a user's email.



For casual access, it's okay to just skip the password field altogether and use a token sent to email or sms as an authenticator. If you're building something that a user is only going to log into once a month or less, it may be less annoying to them to do an email roundtrip than it is to create yet another password.

At the other end of the spectrum, I preach the gospel of the password manager to anyone who will listen.


Depends on the password manager and the person. Password managers which store everything locally have the risk of losing the file. Password managers where the data is stored in the cloud mean that in all likelihood all network traffic to and from that cloud server has been archived by one or more organizations. While the data archived is useless today, ten years from now it may be trivial to crack for them.

Personally I'm not concerned about this, but then I am an introvert and not very involved with the world. :-) Someone active in a group like Amnesty International might be more concerned. And someone associated with political dissidents in China would definitely have a good reason to be concerned.
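The "token sent to email or sms" login mentioned earlier in the thread is easy to get wrong in the details (tokens stored in the clear, reusable, or never expiring). The following is an added example, not code from anyone on this list: a minimal issue/redeem flow in Python where the server keeps only a SHA-256 hash of a high-entropy random token, enforces a time-to-live, and burns the token on first use. The 15-minute TTL, the in-memory dict standing in for a database table, and the injectable clock are assumptions made for illustration.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass

# Assumed policy: a login token is valid for 15 minutes after it is issued.
TOKEN_TTL_SECONDS = 15 * 60


@dataclass
class PendingLogin:
    """One outstanding login token. Only the hash of the token is kept."""
    user_id: str
    token_hash: bytes
    expires_at: float
    used: bool = False


class EmailTokenAuthenticator:
    """Passwordless login: a one-time token is delivered out of band (email/SMS);
    the server stores just its hash, so a leaked table cannot be replayed."""

    def __init__(self, ttl: int = TOKEN_TTL_SECONDS, clock=time.time):
        self._ttl = ttl
        self._clock = clock            # injectable for deterministic tests
        self._pending = {}             # token_hash -> PendingLogin (stand-in for a DB table)

    @staticmethod
    def _hash(token: str) -> bytes:
        # The token has 256 bits of entropy, so a plain hash (no salt/KDF) is enough:
        # an attacker who steals the table still cannot guess a preimage.
        return hashlib.sha256(token.encode("utf-8")).digest()

    def issue(self, user_id: str) -> str:
        """Create a token for user_id and return it for delivery. It is never stored."""
        token = secrets.token_urlsafe(32)
        h = self._hash(token)
        self._pending[h] = PendingLogin(user_id, h, self._clock() + self._ttl)
        return token

    def redeem(self, token: str):
        """Return the user_id if the token is known, unexpired and unused; else None."""
        rec = self._pending.get(self._hash(token))
        if rec is None:
            return None                       # unknown token
        if rec.used or self._clock() > rec.expires_at:
            return None                       # replayed or stale token
        rec.used = True                       # single use: burn it before answering
        return rec.user_id

    def purge_expired(self) -> int:
        """Drop expired or used records; returns how many were removed."""
        now = self._clock()
        stale = [h for h, r in self._pending.items() if r.used or now > r.expires_at]
        for h in stale:
            del self._pending[h]
        return len(stale)


if __name__ == "__main__":
    auth = EmailTokenAuthenticator()
    link_token = auth.issue("alice@example.invalid")   # constructed sample user
    print("send to user:", "https://app.example.invalid/login?t=" + link_token)
    print("first redeem :", auth.redeem(link_token))  # the user id
    print("second redeem:", auth.redeem(link_token))  # None, token already burned
```

The lookup is keyed by the token's hash rather than compared in a loop, so no secret-dependent comparison is exposed; the token itself exists only in the delivery channel, which is exactly the part this scheme trusts. The `purge_expired` housekeeping keeps the table from growing with abandoned logins.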





_______________________________________________
New York PHP User Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

http://www.nyphp.org/show-participation
