Alternative user registration/authorization methods?_问答_开发者

Alternative user registration/authorization methods?

开发者 https://www.devze.com 2023-02-02 09:56 出处：网络

All I want is a persistent membership system and easy registration/login process for my several social applications.

All I want is a persistent membership system and easy registration/login process for my several social applications. I don't really need their e-mail addresses or personal information. However, I don't want to convert my websites into an anonymo开发者_高级运维us board or spamming area for bots, etc. and I don't want to force my visitors to login through their Facebook or Google accounts.

What do you recommend in this case?

Thanks.

You can't have it both ways. Either you want an anonymous site or you need some type of authentication/identification.

There are several easy options for authentication.

E-mail only. You can do authentication with e-mail only and cookies, no password. This isn't common and is often used in addition to passwords for high-security scenarios, but can be used without passwords for even simpler security. Basically have users log-in with their e-mail only. Then send them a confirmation mail and they click a link in the confirmation mail. When they click the link, store a permanent cookie and from then on they're authenticated. If they loose the cookie, they can repeat the process and authenticate again with the same e-mail address. No manual account creation, no passwords. It's really just as or even more secure than using a password. It's a little cumbersome though to get an e-mail to login, but hopefully cookies will not be lost. Several of my banking/credit card companies do this in addition to e-mail and the only time I notice is when I change computers.

E-mail/password. Don't downplay the usefulness and simplicity of a email/password authentication. Users are accustomed to id and it works fine. As long as you have it isolated to a single small form to create an account, it won't really get in the way.

OpenID. I believe all public website should support OpenID as an available authentication mechanism. For people and sites that use it, it's wonderful. Simple authentication and easy to use. Setup is painful for people that don't know what it is or how to use it, so I wouldn't recommend using OpenID only except for techie sites, but it's a great alternative.

I'd suggest you to use OpenID authentication on your website. This way, you need not to worry about the hassles of storing and retreiving user data on your server plus offer the facility to user to use thier OpenID login credentials for your website.

Kimd regards,

Dorcy