从电子邮件即时登录为什么这么少这样做? [英] Instant login from email. Why have so few done this?
问题描述
假设我们将发送一封电子邮件来诱使用户登录我们的超级社交网络应用。这封电子邮件的目的是让他们返回网站,并在他们忘记我们之前自然地想要降低他们返回的障碍。 Cookie有助于防止他们每次都需要登录,但是在用户忘记了凭据的情况下仍然无法帮助。我们希望在这里立即获得满足 - 一键点击直到行动宝贝。相反,为什么我们不能向用户发送我们已经存储在数据库中的随机生成的时间敏感令牌的哈希形式?如果他们可以将这个令牌提供给服务器,那么我们可以信任他们的身份。
只要您正确地管理了令牌,这种情况似乎是安全的。该过程将是如下:
-
在向John Doe发送提醒电子邮件之前,生成一个随机数令牌在电子邮件中,包含一个包含散列形式的令牌的url(perhap xor with用户ID)
-
当John Doe登录他的电子邮件并点击链接时,服务器将验证DB中是否存在令牌,没有过期如果令牌存在,他将被服务器自动登录。
安全性:我们假设John的电子邮件Doe实际上属于John Doe,只是因为电子邮件地址是作为注册过程的一部分进行验证的。任何有权访问John Doe电子邮件的用户都可以访问他的帐户;然而,这不是新的。许多网站已经假设用户的电子邮件帐户是安全的,因为他们实现了将密码重置为电子邮件的功能。
我的谷歌搜索已经只有一个网站执行此操作,OKCupid ,这是一个在线约会网站。有谁知道任何其他网站这样做吗?为什么不通过电子邮件即时登录更常见?安全?缺乏实质的收益增加复杂性?
在某些网站上,您可以将重要内容与真正重要的东西分开。假设您网站上的重要内容允许用户查看策略,活动成员和传入群组消息。 真正重要的东西可以让您更改策略,重置密码并添加新用户。所以你可以做的如下:
- 允许你的http链接访问重要的东西。毕竟,如果人们了解您的系统中的策略,用户或消息,那么这不是世界的尽头。
- 如果请求实际的用户名/密码认证, ,真的很重要的东西。
本质上,您正在系统中建立不同的信任级别。您发送出站诱骗用户的电子邮件几乎总是无害的活动(嘿,看看我们添加的新窗口小部件),如果人们希望留在网站上,那么他们不会介意额外的身份验证时间。
Tried searching for this but turned up nothing. Discussion or relevant links are requested.
Suppose we are going to send an email to entice a user to login to our super social webapp. The goal of this email is to get them to return to the site and poke around a bit more before they forget us so naturally we want to lower the barrier to them returning. Cookies help in preventing them from needing to log in every time but still don't help in the case when the user has forgotten their credentials. We want instant gratification here--one click straight to the action baby. Instead, why can't we just send the user a hashed form of a randomly generated, time-sensitive token that we have stored in the DB? If they can supply this token back to the server then we can we trust their identity.
This scenario seems like it could be secure, as long as you managed the tokens correctly. The process would be something as follows:
Before sending the reminder email to John Doe, generate a random number token (a large enough number to prevent guessing) that expires after a few days.
In the email, include a url that contains a hashed form of the token (perhap xor with the user's ID).
When John Doe logs into his email and clicks on the link, the server verifies the existence of the token in the DB and that it isn't expired. If the token exists, he is automatically logged in by the server.
Security: We assume that the email for John Doe actually belongs to John Doe, if only because email addresses are verified as part of the registration process. Any user that has access to John Doe's email would be able to access his account; however, this isn't new. Many sites already assume that the user's email account is secure because they implement the feature to reset password to email.
My googling has turned up only one site that does this, OKCupid, which is an online dating site. Does anyone know of any other sites that do this? Why isn't instant login via email more common? Security? Lack of substantial benefit for the added complexity?
On some sites you can separate the "important stuff" from the "really, really important stuff". Let's say that the "important stuff" on your site allows users to view policies, active members and incoming group messages. The "really, really important stuff" allows you to change policies, reset passwords and add new users. So what you can do is as follows:
- Allow your http link to give access to the "important stuff". After all, it's not the end of the world if people know about policies, users or messages in your system.
- Request an actual username/password authentication if a request is made for the "really, really important stuff".
In essence you are building different trust levels within your system. The emails you send outbound to entice users are almost always for innocuous activities ("hey, check out the new widget we have added"), and if people wish to stay on the site then they won't mind the extra time for authentication.
这篇关于从电子邮件即时登录为什么这么少这样做?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
