cschum at suse.de
Wed Jan 14 11:42:34 UTC 2009
While looking for best practices for OpenID account recovery in cases where a
user can't access to the OpenID provider which was used in his account, I
came across this document: https://openid.pbwiki.com/Fallback-account-access
I'm wondering, what the experience is with these kind of techniques. Alternate
OpenIDs, Multiple-delegation, and email recovery using confirmed email
addresses all require the user to set this up in advance before the problem
occurs. So either the users are forced into e.g. confirming an email address
or at least some of them don't have a chance to get access to an account
again, if the associated OpenID provider goes down. Both doesn't seem to be
optimal to me.
Are there any alternative ideas how to handle account recovery for OpenID?
Cornelius Schumacher <cschum at suse.de>
More information about the user-experience