security - Login Credentials: Why not drop the username?


I was writing my hundredth login form when a thought crossed my mind: why do we need a username at all?

A while ago my dad had to change his e-mail address, and he still hasn't figured out why he can't log in to various websites with his new address. I'm also not a huge fan of individual per-site usernames. So, wouldn't it be easier to just remember a password?

So what are usernames for? We need a unique string to identify the user by. If we only had the password, that would work until a user picks a password that is already taken, and we would have to tell him “sorry, 'greatpassword123' already belongs to another user” — a bad idea.

So only part of the password needs to be unique. My idea: predetermine the first 3 characters! If we choose from lower- and uppercase letters and digits, that provides (26+26+10)^3 = 373,248 unique prefixes. At registration, the user gets a dialog telling him that he needs a password, and that it starts with “n0i” for example, so he has to pick the rest (“deawhy” comes to mind). He can then log in with the password only, that being “n0ideawhy”, without knowing (or caring) that “n0i” is his unique username.

I see the following pros and cons:

Pros

  • Independence from e-mail addresses
  • The user only needs to remember 1 string
  • Might reduce password reuse
  • Safe from leaked lists
  • Faster login through fewer keystrokes

Cons

  • Need to split the password string and submit the first 3 characters unencrypted while hashing the rest
  • Scalability comes to a dead stop at 373,248 users (or 26.8 million if we use 4 characters)
  • Users might be skeptical / inexperienced / thrown off by not being able to reuse their standard password

I'm wondering why nobody else has done this so far? Are there concerns I missed?

By adding 3 random characters, you created a link between the password and the user, in other words a login. Besides the elements you mentioned, your login has other problems:

  • It is harder to remember (xhkr vs john.doe@example.com)
  • It cannot be unique across services, even if you wanted it to be
  • You need to request an email anyway in order to reset the password

What you are looking for has kinda been implemented via social logins:

The idea is to use an independent service to handle authentication. If every service owner agreed, we would end up with a unified login. This raises several concerns (lock-in, hack of the provider, personal data dissemination), and the closest we came regarding centralized authentication (the grandfather: OpenID) is that you need to stay with 1 service (or a limited few).

