by fizbin 3576 days ago
Don't store passwords at all if you can avoid it. Then, bend over backwards to avoid it.

Do all login through OAuth or the related proprietary "login with" mechanisms Facebook and Twitter have. Offer your users a choice of mechanism, in the signup flow, and don't require that they first set up a password that they then replace with login-with-(whatever).

If you can't imagine what this looks like, open an incognito browser and go through the signup-for-an-account flow at stackoverflow.com. That should be what you're aiming for.
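A sketch of the server side of such a flow, added here as an example and not part of the comment: the user picks a provider in the signup flow, the app issues a state-bound, PKCE-protected authorization request, and the callback creates an account keyed by (provider, subject) with no password column at all. Provider URLs, client ids and the `claims` dict are constructed placeholders, and the code-for-token exchange with the provider is assumed to have already happened before `finish_login` runs.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Constructed placeholder providers: a real app uses each provider's documented endpoints.
PROVIDERS = {
    "github": {"authorize": "https://github.example/login/oauth/authorize", "client_id": "gh-client-id"},
    "google": {"authorize": "https://accounts.example/o/oauth2/auth", "client_id": "goog-client-id"},
}
REDIRECT_URI = "https://app.example/oauth/callback"


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def start_login(provider: str, pending: dict) -> str:
    """Build the authorization redirect for the provider the user chose.

    'pending' is the server-side session store; it keeps the random state and
    the PKCE verifier so the callback can be tied back to this exact request.
    """
    cfg = PROVIDERS[provider]                      # KeyError: provider not offered
    state = secrets.token_urlsafe(32)
    verifier = secrets.token_urlsafe(64)
    pending[state] = {"provider": provider, "verifier": verifier}
    params = {
        "response_type": "code",
        "client_id": cfg["client_id"],
        "redirect_uri": REDIRECT_URI,
        "scope": "openid email",
        "state": state,
        "code_challenge": _b64url(hashlib.sha256(verifier.encode()).digest()),
        "code_challenge_method": "S256",
    }
    return f"{cfg['authorize']}?{urlencode(params)}"


def finish_login(provider: str, state: str, claims: dict, pending: dict, accounts: dict) -> str:
    """Callback side. 'claims' stands in for the verified ID token / userinfo
    obtained after exchanging the code plus the stored verifier (not shown).

    Returns the local account id. Accounts hold federated identities only, so
    there is no password hash to store, rotate, or leak.
    """
    entry = pending.pop(state, None)               # single use: a replayed state fails
    if entry is None or entry["provider"] != provider:
        raise PermissionError("unknown or mismatched state")
    identity = (provider, claims["sub"])           # issuer + subject is the stable key;
    if identity not in accounts:                   # never merge accounts on e-mail alone
        accounts[identity] = {"id": f"acct-{len(accounts) + 1}", "email": claims.get("email")}
    return accounts[identity]["id"]
```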