next »

[meep-online]

This kinda would be great if this became like the new email 

[meep-online]

Btw, I lost my password. Maybe a password reset feature would be good 

[inp o҉rtb]

dude. that is a must-have feature. and one should be able to change the password. i'll work on it in the morning. thanks for the tip

[meep-online]

Its ok 

[inp o҉rtb]

It requires a bit more thought than I expected. We'll need some way of authenticating the user before letting the user change the password ;]

[iKsbjA]

An email should do it.

[inp o҉rtb]

though that would require an email address. i'm thinking something along the lines of birth date and security question. or maybe also include random things like favorite color

what do you think?

and meep-online, i'll dig up your credentials.

[iKsbjA]

though that would require an email address. i'm thinking something along the lines of birth date and security question. or maybe also include random things like favorite color

what do you think?

and meep-online, i'll dig up your credentials.

I understand. Well, Gmail and Hotmail allow you to have an additional email address. In your case, it might be better to ask a security question, or show a 'password reminder' entered at registration or in account settings like "Mom's maiden name with 2nd 'D' capitalized and your phone number's first three numbers", "My first cat's name", "5318008" (enter on a calculator and turn it upside down). This is the most simple to make, can be unsafe though. It could be also a self-made question that must be answered correctly (I don't like given security questions).

[inp o҉rtb]

Great ideas. I'm thinking that the user should be challenged to enter:

correct birth date
answer to security question

After passing this checkpoint, the user would be allowed to either reset the password or guess the password using a reminder, but not see the password itself. I'm not sure if this would be insecure or too much hassle. Ideally, one would not have to reset the password

[iKsbjA]

I think this is good. I use one password for 99% of my web needs, I know this isn't very safe, but it's much easier to remember. I believe most people are like me, so practically they won't need that option very often. You made it very secure, and without the involving of e-mail confirmations (which are damn annoying!). So IMHO it's not too insecure or too much of a hassle.

[meep-online]

You should take a look at how hotmail and stuff does it. With hotmail you can have a secondry email. How about having a feature where you can send the reset password link to another account, or you have to enter birthdate and security question

Or I think theres nothing wrong with having an option to send it to an email address. Because you are never going to completly replace email in the short term, so that could be ok?

[iKsbjA]

Nooo! Please no loads of mails! I mean, c'mon, just look:

Code:

1) Answer security question and/or birthdate (to prevent spamming the secondary account)
2) Check mail for confirmation
3) Visit link
4) Get random password
5) Log in
6) Change password

Now that's what I call too much hassle! Why not do like this (should be more simple to code, too):

Code:

1) Answer security question and birthdate;
2) Choose a reminder or a 'Change password' dialog (automatically logs you in).

The only point of the upper one is the safety of involving a second mailbox, but 99% of all users will have same password for both sites anyways.

[meep-online]

No I don't mean have those 2 idea combined. I meant having 2 options:

1.) Send email with pword
2.) Answer security question

[iKsbjA]

If I would hate you (what I don't do) I could spam your secondary email with new password requests (as there wouldn't be any confirmation to see if it's sent by you). But that's not the biggest problem, but checking mail twice drives me crazy.

Code:

1) Check mail for confirmation
2) Visit link
3) Get random password
4) Log in
5) Change password

is still worse than

Code:

1) Answer security question and birthdate
2) Choose a reminder or a 'Change password' dialog (automatically logs you in)

[antimatter15]

i had an idea.

What if you find a better way to replace the standard *email for finishing registration* thing?

[inp o҉rtb]

Yeah, that's the tough part... thanks for the suggestions! I'll start implementing this stuff after my exams.

Meanwhile, if meep-online would please PM me his username (I think I know what it is; I just need to confirm)...

[iKsbjA]

i had an idea.

What if you find a better way to replace the standard *email for finishing registration* thing?

Yes, I hate it!!!

[inp o҉rtb]

Yep, it's annoying, alright. The alternative would have to be something relatively constant for the person, and easy to handle. Hmm...

[iKsbjA]

If no email for your service (site) is required, no confirmation mail needed (it's for checking if the user really owns that address).

[inp o҉rtb]

right. we need to authenticate the person, not the person's email account. so... what's needed is information that's specific to each individual, but not so private that anyone would have doubts about sending it online. birth date is one example. question/answer is another. SSN is a bad example.