jimfog (Posted November 12, 2011)

I did not know where to post this issue; I decided to do it here, probably because it comes close to my subject. The truth is that the vast majority of sites use password authentication as a security measure. It is also true that this "hurts" user friendliness; it is a compromise you have to make one way or the other. I am building a web app this period, an application that someone may not use for months: he just comes once and then he might visit the application again after 6 months or even longer. It is the nature of the application that dictates that. Furthermore, the user will have to enter name and address only, no credit cards involved. So, it comes to this: do I really need password protection in a "schema" like the above? Certainly, the issue is huge, but let us try to be concise. Thanks.

birbal (Posted November 12, 2011)

I am not sure about your app, but how will you authenticate that the user is who he pretends to be? If there is a feature where one user can do a particular job that another user can't, then you need to identify that user by authentication, by password or by any means.

jimfog (Author, posted November 13, 2011)

Well, I am not surprised by your answer. Nonetheless, I believed that there was a small chance that the answer might be different, taking into consideration the nature of the web app, based on the description I made.

Synook (Posted November 14, 2011)

There is no way to accurately determine a person's identity without the use of a secret, such as a password. Any other way can always be spoofed.

jimfog (Author, posted November 14, 2011)

Ok, thanks.

boen_robot (Posted November 15, 2011)

If you wish to really eliminate the need for passwords, while still verifying the identity of users, another way is with digital signatures. For this to work though, your users must accept your site as a trusted issuing authority, and you need to make certain that you only issue signatures after verifying the user in another fashion. This, combined with passwords (for extra security), is typically what banks use, but they can afford to bother their users with tedious verification procedures (that typically involve the client going to the nearest bank with an ID of some sort to prove he is the owner of the email/drive the signature will be sent to). The use of the passwords is optional, but banks use it to ensure that even if your signature is stolen in some fashion, you are at least protected with a password that only you know, thereby rendering the signature useless (giving you enough time to call up the bank, and make them reject your old signature, and issue you a new one).
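
The signature-based login described in the last post, sketched as an added example; it is not part of the original thread or any poster's code. It assumes Ed25519 keys and an in-memory registry standing in for the site's issuing authority, and all function names are hypothetical.

```javascript
// Added illustration: challenge-response login with a site-issued key pair.
// Names (issueCredential, verifyLogin, ...) are hypothetical, not a real API.
const crypto = require('crypto');

const registry = new Map(); // userId -> { publicKey, revoked }
const pending = new Map();  // userId -> outstanding challenge

// Call only after the user has been verified in another fashion.
function issueCredential(userId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  registry.set(userId, { publicKey, revoked: false });
  return privateKey; // handed to the user; the site keeps only the public key
}

// "Reject your old signature": mark the registered key as unusable.
function revokeCredential(userId) {
  const entry = registry.get(userId);
  if (entry) entry.revoked = true;
}

// Server side: a fresh random challenge per attempt, so a captured
// signature cannot be replayed on a later login.
function newChallenge(userId) {
  const challenge = crypto.randomBytes(32);
  pending.set(userId, challenge);
  return challenge;
}

// Client side: prove possession of the private key.
function signChallenge(privateKey, challenge) {
  return crypto.sign(null, challenge, privateKey);
}

// Server side: accept only a valid signature over the outstanding
// challenge, made with a key that is registered and not revoked.
function verifyLogin(userId, signature) {
  const entry = registry.get(userId);
  const challenge = pending.get(userId);
  pending.delete(userId); // challenges are single use
  if (!entry || entry.revoked || !challenge) return false;
  return crypto.verify(null, challenge, entry.publicKey, signature);
}
```

A password on top of this would typically protect the private key file itself, which is the "even if your signature is stolen" case the post mentions.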
Archived
This topic is now archived and is closed to further replies.