- Have a dedicated page for login
- Expose all required fields
- Keep all fields on one page
- Don’t get fancy
A good half-hour presentation by Stephen Rushe on the building blocks of the indie web. You can watch the video or look through the slides.
I’ve recently been exploring the world of the IndieWeb, and owning my own content rather than being reliant on the continued existence of “silos” to maintain it. This has led me to discover the varied eco-system of IndieWeb, such as IndieAuth, Microformats, Micropub, Webmentions, Microsub, POSSE, and PESOS.
Here’s the video of the talk I gave at Design4Drupal last week in Boston. There’s a good half an hour of questions at the end.
Here’s the talk I gave at Mozilla’s View Source event. I really enjoyed talking about the indie web, both from the big-picture view and the nitty gritty.
In these times of centralised services like Facebook, Twitter, and Medium, having your own website is downright disruptive. If you care about the longevity of your online presence, independent publishing is the way to go. But how can you get all the benefits of those third-party services while still owning your own data? By using the building blocks of the Indie Web, that’s how!
Let’s be polite. Especially when starting relationships.
Andy sounds a cautionary note: the password anti-pattern may be dying, but OAuth permission-granting shouldn’t be blasé. This is why granular permissions are so important.
A one-stop-shop with links to the authentication settings of various online services. Take the time to do a little Spring cleaning.
Dana has put together an excellent grab-bag of data on people’s password habits.
Ben documents the improvements in Twitter’s OAuth flow. Maybe this will help to stop people blindly giving permission to dodgy third-party sites to update their Twitter stream.
There's no such thing as a good CAPTCHA but if there were, these would be ...Best. CAPTCHAs. Ever!
A thoughtful post from Ben on how the flow of OAuth, OpenID and Facebook Connect can be improved.
"Facebook has rolled out an identity system â€” Facebook Connect â€” with a slick UI that trains a gazillion tech-naÃ¯ve users to slap their identity credentials into any old website."
David has written an excellent comparison of the two differing mindsets when approaching online authentication. In no uncertain terms, OAuth (or an OAuth style authentication) is right and the password anti-pattern is wrong, wrong, wrong.
Brothercake looks at the problems, issues, and alternatives to requiring a human to prove that they're not a bot.
As promised by Kevin Marks in the Q&A after my panel at South by Southwest, the Google Contacts API now supports OAuth. w00t!
Now this is how to do the "find your friends" trick. For GMail, Yahoo Mail, and Hotmail, Flickr never once asks for your password. Bravo!
Aral points to what is possibly the most egregious password anti-pattern implementation yet: a new startup called Spokeo http://www.spokeo.com/public/join
A cautionary tale that explains just why the password anti-pattern needs to die. Coding horror indeed: in this case, 1,777 GMail accounts were compromised.
Looks like Flickr has some interesting plans around OpenID. Our reporter Simon Willison is on the scene.