- Have a dedicated page for login
- Expose all required fields
- Keep all fields on one page
- Don’t get fancy
A small but perfectly formed progressive web app. It’s a private, offline-first personal journal with no log-in and no server-stored data. You can read about the tech stack behind it:
Your notes are only stored on your device — they’re never sent to a server. You don’t even need to sign in to use it! It works offline, so you can reflect upon your day on the slow train journey home.
This post goes into specifics on Django, but the broader points apply no matter what your tech stack. I’m relieved to find out that The Session is using the tripartite identity pattern (although Huffduffer, alas, isn’t):
What we really want in terms of identifying users is some combination of:
- System-level identifier, suitable for use as a target of foreign keys in our database
- Login identifier, suitable for use in performing a credential check
- Public identity, suitable for displaying to other users
Many systems ask the username to fulfill all three of these roles, which is probably wrong.
Clever! By exploiting the redirect pattern that most social networks use for logging in, and assuming that site’s favicon isn’t stored in a CDN, it’s possible to figure out whether someone is logged into that site.
Luke continues to tilt against the windmills of the security theatre inertia that still has us hiding passwords by default. As ever, he’s got the data to back up his findings.
It’s sad to see MyOpenID shut down, but now I can simply use IndieAuth instead …which means my delegate URL is simply adactio.com: magic!
A great in-depth explanation by Aarron on why Mailchimp dropped their Facebook and Twitter log-in options. Partly it was the NASCAR problem, but the data (provided by user testing with Silverback) also brought up some interesting issues.
I like this passwordless log in pattern but only for specific use cases: when you know that the user has access to email, and when you don’t expect repeat “snacking” visits throughout the day.
Aza Raskin shares some mockups of ideas for incorporating identity management into the browser.
Leah has some great ideas on combining "log in" and "sign up" forms into one.
Another interesting take on assigning a visual clue to password fields.
There's no such thing as a good CAPTCHA but if there were, these would be ...Best. CAPTCHAs. Ever!
Screenshots of various log in screens on the iPhone. I think Cindy has been hanging out with Luke W.
Every Google account can now be an OpenID login thanks to this app built with the Google App Engine.
Looks like Flickr has some interesting plans around OpenID. Our reporter Simon Willison is on the scene.
Another sign up form that features hCard input (like Satisfaction). Choose a service (e.g. Flickr, Last.fm, Twitter) or enter your own URL.