+1. If a site offers OpenID 'upgrade', the first feature I look for after attaching my OpenID is a way to disable the username/password login capability for my account.<br><br clear="all">--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre<br>
<br><br><div class="gmail_quote">On Thu, May 28, 2009 at 2:00 PM, SitG Admin <span dir="ltr"><<a href="mailto:sysadmin@shadowsinthegarden.com">sysadmin@shadowsinthegarden.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="im"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I proposed allowing users who originally signed up with a site-specific username/password, then associated their account with (for example) a myOpenID account, to delete their original site-specific password so that they would only be able to log in with myOpenID. To me, this makes sense because the user then has one less password to worry about and keep track of. However, to my co-designer, only crazy people would want such a feature since the user can just stop using their original password if they wish.<br>
<br>
I would be very interested in knowing what you lot think about this.<br>
</blockquote>
<br></div>
Your co-designer has addressed the "keep track of" point, but that "worry about" point is still a strong one. It's like leaving a backdoor in the system, and randomizing the access code when you leave because "we won't need it anymore, and who could possibly guess" . . . well, someone WILL guess, or brute-force it. If it isn't necessary to have another point of entry, DISABLE IT.<br>
<br>
-Shade<br>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net" target="_blank">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
</blockquote></div><br>