多个密码登录:好还是不好 [英] Multiple Passwords Login: Good OR Bad
问题描述
我正在寻求创建我能想到的最灵活的用户登录系统,并且正在寻求一些想法的反馈. (系统目前还具有OpenID集成选项)
I am in the quest to create the most flexible user login system I can think of, and is looking for feed back on some ideas. (system also currently has an OpenID integration option)
我正在修改我的一个用户登录系统,而这个概念使我震惊...
I was in the process of revising one of my user login systems and the concept just hit me...
很多人都难以记住一个密码,据我所知,大多数人在站点之间使用一些密码只是为了记住它们.
Allot of people have trouble remembering a single password, majority of people I know have a few passwords they use from site to site just so they can remember them.
如果可以以用户友好的方式实现,允许用户设置多个密码(可以限制,如果用户输入其中的任何密码将被允许通过)是一个好主意吗?当然,用户可以选择只保留一个密码,而完全不用理会该选项....
Would allowing users to set multiple passwords ( can be limited, if user enters any of them will be granted passage ) be a good idea, if it was possible to be implemented in a user friendly manner? Of course the user could just choose to stick with one password and not bother with the option at all....
显然,允许的密码越多,有人猜到的可能性就越大,但只是非常轻微...
Obviously more allowed passwords the more likely some one is to guess but only very slightly...
这个想法会对用户更有益还是会很痛苦? (可以使用多个密码进行输入的想法)
Would this idea be more beneficial to users or would it just be a pain? (the idea of being able to use more than one password to get in)
由此可能引起哪些安全问题?
What possible security issues could arise from this?
对于用户来说值得吗? (忽略所需的额外编码和结构)
Would it be worth it for the user? (ignoring the extra coding and structuring required)
还有其他想法...
忘记密码系统:
我已经实现了忘记密码"系统,该系统不涉及重置用户密码,而是简单地提供了一个临时密码,该密码就像一个临时后门,因此用户可以进入以更改密码.我很可能会对这个系统做同样的事情,但是一旦用户添加了永久密码,它将禁用其他密码或类似的密码...同样,必须以一种用户友好的方式进行设置
I have already implemented a "Forgot Password" system which does not involve resetting the users password but simple provides a temporary password that acts like a temporary back door so the user can get in to change a password. I would most likely do the same for this system but once the user adds a permanent password it would disable the others or something similar to that... again it would have to be set up in a user friendly manner
推荐答案
我个人认为这很令人困惑.
Personally, I would find it confusing.
对用户更有利吗?这可能.我认为这可能会使许多计算机不知所措.
Would it be more beneficial to users? Its possible. I think it may confuse many of the computer illiterate though.
是否会由此引发安全问题?并非如此,除了增加某人访问用户帐户的机会之外.
Would possible security issues arise from it? Not really, other than increasing the chance of somebody gaining access to a user's account.
您将如何实施必要的忘记密码"系统?只需将它们重置为一个计算机生成的密码?
How would you go about implementing the necessary "Forgot Password" system? Just reset them to one computer-generated password?
这篇关于多个密码登录:好还是不好的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
