Let’s be polite. Especially when starting relationships.
Andy sounds a cautionary note: the password anti-pattern may be dying, but OAuth permission-granting shouldn’t be blasé. This is why granular permissions are so important.
A one-stop-shop with links to the authentication settings of various online services. Take the time to do a little Spring cleaning.
Dana has put together an excellent grab-bag of data on people’s password habits.
Ben documents the improvements in Twitter’s OAuth flow. Maybe this will help to stop people blindly giving permission to dodgy third-party sites to update their Twitter stream.
There's no such thing as a good CAPTCHA but if there were, these would be ...Best. CAPTCHAs. Ever!
A thoughtful post from Ben on how the flow of OAuth, OpenID and Facebook Connect can be improved.
"Facebook has rolled out an identity system â€” Facebook Connect â€” with a slick UI that trains a gazillion tech-naÃ¯ve users to slap their identity credentials into any old website."
David has written an excellent comparison of the two differing mindsets when approaching online authentication. In no uncertain terms, OAuth (or an OAuth style authentication) is right and the password anti-pattern is wrong, wrong, wrong.
Brothercake looks at the problems, issues, and alternatives to requiring a human to prove that they're not a bot.
As promised by Kevin Marks in the Q&A after my panel at South by Southwest, the Google Contacts API now supports OAuth. w00t!
Now this is how to do the "find your friends" trick. For GMail, Yahoo Mail, and Hotmail, Flickr never once asks for your password. Bravo!
Aral points to what is possibly the most egregious password anti-pattern implementation yet: a new startup called Spokeo http://www.spokeo.com/public/join
A cautionary tale that explains just why the password anti-pattern needs to die. Coding horror indeed: in this case, 1,777 GMail accounts were compromised.
Looks like Flickr has some interesting plans around OpenID. Our reporter Simon Willison is on the scene.