While I was working on my new web-based game, which is still very much an idea, I had the thought of not requiring your typical login process. For just about every web site out there you need to login for one reason or another. Logging in is some sort of identification, your name or e-mail address, and a password. I hate having to keep using e-mail and password all over the place, even if I do use the same one’s over and over.
So my thought for my game was to require only a password to login. One-field entry. You type in your password and you’re in, assuming you entered it correctly.
But then what about if two people have the same password? That’s where the e-mail comes in. When the person signed up they provided their e-mail, password, and other information. They are asked for additional credentials only if it is needed. Creeping login of sorts.
What are the chances that two people will have the same password? I dunno, probably pretty good if your user population is big enough, but ideally your password should be unique – afterall, it is your password. So shouldn’t that be enough to identify you? It should be.
I think it’s a good idea but alas you won’t see it on my game, or anywhere else, because it’s something different. It bucks the convention that has built the internet.
But let it be known that I had the idea. Probably not the first to think it up, but at least to readers here I probably am. And that’s enough for me.
It’s an interesting idea, but the fact still remains that as far as security is concerned, single factor authentication is incredibly weak.
This would only work reasonably wll if users used only truly random passwords, but even then, there is the possibility for password collisions.
G+
But the whole point is it detects if there is a duplicate password and then asks you for more info. So in that case it’s just like any other login.
I agree, people’s passwords are generally really poor, but I theorize that pet passwords vary a lot from person to person.
Hmm… if it alerts the user that the password is already taken somehow, can’t the user just stop the process at that point and log in using the pre-existing account?
G+
I really think this is a bad idea. Even if it works perfectly, it will make users wary.
And that’s why I’m not using it – it would totally scare people, myself included.
…and to Big G…no if the passwords collided and asked for more it would halt login right there and ask for more credentials.
Unique password lets you in. Duplicate password asks you for more. Simple as that.
“It’s an interesting idea, but the fact still remains that as far as security is concerned, single factor authentication is incredibly weak.”
A username and password is not “two-factor authentication” as you seem to imply it is.
http://en.wikipedia.org/wiki/Two-factor_authentication
You are correct.
But my point still stands. Using a single credential for authentication is still incredibly weak.
G+