Managing a lost password or other credential is a problem every application must contend with, but which remains the most neglected part of account lifecycle management. Best common practice has failed to advance beyond the choices of “security” questions, emailed password reset links, or SMS-delivered codes. Federated Identity systems solve some problems but are economically unacceptable in many situations to both users and platforms. This talk introduces a lightweight, purpose-built, and self-assembling protocol with a prototype implementation by Facebook. It allows users to recover account access at any service using whatever other service(s) are best able to re-authenticate them. The design is focused on user choice and privacy and avoids asking people to bargain with their personal information to obtain this basic necessity of online life.