[OpenID] allowing users to switch to openid-only: pointless?
SitG Admin
sysadmin at shadowsinthegarden.com
Thu May 28 21:00:11 UTC 2009
>I proposed allowing users who originally signed up with a
>site-specific username/password, then associated their account with
>(for example) a myOpenID account, to delete their original
>site-specific password so that they would only be able to log in
>with myOpenID. To me, this makes sense because the user then has one
>less password to worry about and keep track of. However, to my
>co-designer, only crazy people would want such a feature since the
>user can just stop using their original password if they wish.
>
>I would be very interested in knowing what you lot think about this.
Your co-designer has addressed the "keep track of" point, but that
"worry about" point is still a strong one. It's like leaving a
backdoor in the system, and randomizing the access code when you
leave because "we won't need it anymore, and who could possibly
guess" . . . well, someone WILL guess, or brute-force it. If it isn't
necessary to have another point of entry, DISABLE IT.
-Shade
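
A sketch of the "disable it" option discussed in this thread, as an added example that is not part of the original message or of any OpenID library. The `Account` class, its method names and the sample identifier are hypothetical, and the OpenID assertion is assumed to have been verified already by the site's relying-party code.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Optional, Set


def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash from the standard library.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    username: str
    salt: Optional[bytes] = None
    pw_hash: Optional[bytes] = None  # None means password login is disabled
    openids: Set[str] = field(default_factory=set)

    def set_password(self, password: str) -> None:
        self.salt = os.urandom(16)
        self.pw_hash = _hash(password, self.salt)

    def link_openid(self, verified_identifier: str) -> None:
        self.openids.add(verified_identifier)

    def remove_password(self) -> None:
        # Refuse to delete the last way in, so the user cannot lock themselves out.
        if not self.openids:
            raise ValueError("link an OpenID before removing the password")
        # Delete the secret outright instead of randomizing it: with no stored
        # hash there is nothing left to guess or brute-force.
        self.salt = None
        self.pw_hash = None

    def login_with_password(self, password: str) -> bool:
        if self.pw_hash is None or self.salt is None:
            return False  # this entry point no longer exists for the account
        return hmac.compare_digest(_hash(password, self.salt), self.pw_hash)

    def login_with_openid(self, verified_identifier: str) -> bool:
        # Assumption: the caller has already verified the OpenID assertion.
        return verified_identifier in self.openids
```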