Saturday, December 09, 2017

Sign-in to websites

Many high volume websites face the challenge of designing a sign-in system that is secure (against hackers) and is convenient for users.

Google and Facebook met this challenge quite well. Their sign-in process is simple and quite secure.

Microsoft and Apple did it rather poorly. Their process is quite cumbersome.

I faced the problem when I changed to a new device (e.g. laptop, desktop, tablet or mobile phone) and requires to re-enter the passwords that were "remembered" in my old devices.

I cannot remember the passwords that were used previously, especially for websites that require a "strong password" and insists that it should be a "new" password that was not used before.

The websites of the government agencies in Singapore probably beat them all. They are the most troublesome.

Some people use an app called LastPass that remembered the passwords used before. I tried it, and found it to be more troublesome than helpful. So, I gave up on it.

There must be a better way to address this challenge.

The approach that I prefer is to allow the user to decide on the level of security that is really needed. For websites that do not contain sensitive information, allow them to use any password that they like. They can opt to use a strong password or even to have a 2FA authentication.

No comments:

Post a Comment