Web Authentication

for Security

Digital Identity


Basic Authentication

Sometimes involves Web Cookie-s

various approaches for API-request authentication (ReST, Web Services).

Some basic things to do during registration/login to reduce rejections, from a friend:

  • 60% of our users use GMail where john.doe@gmail.com is the same as johndoe@gmail.com (punctuation is ignored on gmail). Your login should behave the same for GMail addresses. This alone brought support case load down by 85%.
  • Strip white spaces from login emails and passwords.
  • Add mailcheck on signup ( https://github.com/Kicksend/mailcheck ). Lots of people register with every variation of "gnail.com" or "gotmail.com", catch them early.
  • treat email addresses as case-insensitive

Jan'2015: Jeff Atwood has some good suggestions: how close can we get to the perfect godlike login experience in Discourse?

Edited:    |       |    Search Twitter for discussion