|
|
|
|
|
|
by PeterisP
5058 days ago
|
|
|
This would mean that there are two "passwords" that I have to remember - the userid and the actual password. Chances are, your site isn't worth it to remember a new uid. (I counted that only 5 out of my 150 stored account passwords are for something worth remembering anything at all.)
If you are important (say, paypal or gmail) - do two factor authentification. If you are not - don't bother me. Even creating an account is already more effort than most sites are worth. |
|
|
* insist it's the username,
* insist it is in the password somewhere, or
* make them type the string in a third logon field
It adds friction to the process in order to solve a problem that is not "ours" to solve.
An option with less friction would be to ask them to choose a picture from 16 candidates. The 16 candidate photos would need to be generated from the username to avoid the ability to refresh the page and find the persistent image. Each image could have the random characters associated with it to be used as an addendum to the salt, or for whatever purposes on the back end which the random characters are supposed to accomplish.