Tags: authentication

Solita: This is rude

Let’s be polite. Especially when starting relationships.

The Perpetual, Invisible Window Into Your Gmail Inbox - Waxy.org

Andy sounds a cautionary note: the password anti-pattern may be dying, but OAuth permission-granting shouldn’t be blasé. This is why granular permissions are so important.

Clean up ALL Your Applications Privacy Settings in 2 Minutes

A one-stop-shop with links to the authentication settings of various online services. Take the time to do a little Spring cleaning.

Authentical: Random factoids I’ve encountered in authentication user research so far

Dana has put together an excellent grab-bag of data on people’s password habits.

Developing the OAuth user experience at Twitter

Ben documents the improvements in Twitter’s OAuth flow. Maybe this will help to stop people blindly giving permission to dodgy third-party sites to update their Twitter stream.

Quantum Random Bit Generator Service

There's no such thing as a good CAPTCHA but if there were, these would be ...Best. CAPTCHAs. Ever!

The OpenID and OAuth Flow: Playing with UX · Ben Ward

A thoughtful post from Ben on how the flow of OAuth, OpenID and Facebook Connect can be improved.

Maybe the effort we go to as we think about the... · Ben Ward's Scattered Mind

"Facebook has rolled out an identity system — Facebook Connect — with a slick UI that trains a gazillion tech-naïve users to slap their identity credentials into any old website."

FatBusinessman.com : On Authentication

David has written an excellent comparison of the two differing mindsets when approaching online authentication. In no uncertain terms, OAuth (or an OAuth style authentication) is right and the password anti-pattern is wrong, wrong, wrong.

Beyond CAPTCHA: No Bots Allowed! [Privacy and Trust]

Brothercake looks at the problems, issues, and alternatives to requiring a human to prove that they're not a bot.

OAuth support for Google Accounts and Contacts API - OAuth | Google Groups

As promised by Kevin Marks in the Q&A after my panel at South by Southwest, the Google Contacts API now supports OAuth. w00t!

Flickr: Find your friends

Now this is how to do the "find your friends" trick. For GMail, Yahoo Mail, and Hotmail, Flickr never once asks for your password. Bravo!

Spokeo? More like Spooky-o; bad practice taken to the extreme. at Aral Balkan

Aral points to what is possibly the most egregious password anti-pattern implementation yet: a new startup called Spokeo http://www.spokeo.com/public/join

Coding Horror: A Question of Programming Ethics

A cautionary tale that explains just why the password anti-pattern needs to die. Coding horror indeed: in this case, 1,777 GMail accounts were compromised.

Yahoo!, Flickr, OpenID and Identity Projection

Looks like Flickr has some interesting plans around OpenID. Our reporter Simon Willison is on the scene.