Simon Willison’s Weblog

Subscribe
Atom feed for accounts

4 items tagged “accounts”

2010

Fixing the Google Account problem. 3,000+ words explaining how to open a Google Doc invitation sent to an e-mail address that isn’t associated with your Google account. Worth reading just to get an idea for the enormous complexity involved in running a large scale identity system and designing an interface for managing aliases and multiple profiles. Google haven’t got it right yet—has anyone else?

# 25th January 2010, 11:21 am / google, accounts, usability, drummondreed, identity, gmail

2009

“Recover my account” link on the login page. For the record, collecting and verifying e-mail addresses is a VERY good idea, even (especially?) if you accept OpenID. A verified e-mail address is still absolutely the best way to deal with lost passwords or “my OpenID isn’t working”.

# 16th February 2009, 10:22 pm / email, accounts, identity, openid

2007

Designing for a security breach

User account breaches are inevitable. We should take that in to account when designing our applications.

[... 545 words]

9:29 pm / 30th September 2007 / accounts, csrf, designingforabreach, openid, phishing, privacy, security, xss

hasAccount. Stuart proposes a light-weight API for letting any site know if a user has an account (and is signed in) on another service. I wouldn’t want to deploy this without being confident that my CSRF protection was in order.

# 28th September 2007, 9:10 am / csrf, stuart-langridge, crossdomain, json, api, accounts

Related