Login

PaulD · 03-04-2017, 08:30 PM

I agree with skunkbad entirely. I already grimaced at some of the earlier 'requirements' but look at the bloat being suggested now. So whatever you do it will either be 'too bloated' for half the people and 'not powerful enough' for the other half.

Take 'forgotten password' for instance. There are so many ways to do just that alone. Secret questions, emailing reset links, emailing codes to reset, sending temp passwords, second one time use passwords, sending random passwords, human moderation of password resets etc etc. And then what about lost access to email accounts, 2 step verifications, enforcing change passwords, password complexity demands etc. And that is just one tiny thing most users experience as a standard 'forgot password', but what actually happens in the background can be done in so many different ways.

There is no best way, there is secure or not secure, user friendly or not user friendly, simple and not simple. But how secure, user friendly or simple you want to be depends on the site you are building. You cannot win with a single solution that supposedly fits all. And that is just for 'forgotten password'. Even just the way you store a password will cause issues. Let alone more complex user related things like sign up and account creation.

I think this is really good advice so I am going to quote it again.

(03-04-2017, 06:40 PM)skunkbad Wrote: I don't want to discourage you, but rather hope that you don't make mistakes thinking that what you want is even remotely ideal. You should definitely carry on with your project, and plan to spend 100s of hours on it. It happened to me. Great learning experience. I started my authentication project about 10 years ago. I thought that people would be excited, and that there would be a community that wanted it, and would want to help with it. Heck, I even named my authentication "Community" Auth. My advice is, plan to do most of the work on your own, or you might be disappointed.

Anyway, having said all that, when you have an alpha version I will happily test it for you. Look forward to trying it out.

Best wishes,

Paul.