Make accounts more secure

I’ve recently been working on this user authentication-login-thing, which every one of you should be familiar with. You sign up with a username and password, wait for an e-mail and click on a link. Then you go to the login page and enter your username and password to finally be logged in. So what?

The system is actually not very secure. Besides using an unencrypted connection in many cases and insecure passwords, usernames are often visible on the whole website, while your e-mail address is kept safe. If anyone spiders through all sites, he can get a whole bunch of usernames. Then he can run a list of typical passwords through each username. And if there are enough usernames, the chance to actually get into an account is 100%.

If you provide your e-mail address, why not use it for login? No one knows which e-mail addresses are associated with which account, so you cannot try typical passwords on them. The login gets more secure, your accounts are safer.
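
An added example, not code from the original post: a login check keyed on the private e-mail address instead of the public display name. The class, function and account names and the in-memory store are assumptions made for illustration. It returns one identical failure message for an unknown address and for a wrong password, because a differing message would let anyone test which addresses are registered.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor (value chosen for this example)
GENERIC_FAILURE = "Invalid e-mail address or password."

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class AccountStore:
    """In-memory stand-in for a user table, keyed by the private e-mail address."""

    def __init__(self):
        self._by_email = {}
        # Dummy credentials so an unknown address costs the same hashing work.
        self._dummy_salt = os.urandom(16)
        self._dummy_hash = hash_password(os.urandom(16).hex(), self._dummy_salt)

    def register(self, email: str, display_name: str, password: str) -> None:
        salt = os.urandom(16)
        key = email.strip().lower()
        self._by_email[key] = (display_name, salt, hash_password(password, salt))

    def login(self, email: str, password: str):
        """Return (ok, message); the message never reveals whether the address exists."""
        record = self._by_email.get(email.strip().lower())
        display_name, salt, stored = record or (None, self._dummy_salt, self._dummy_hash)
        # Always hash and compare, even for unknown addresses.
        matches = hmac.compare_digest(hash_password(password, salt), stored)
        if record is not None and matches:
            return True, f"Welcome, {display_name}"
        return False, GENERIC_FAILURE

def demo():
    # Constructed sample account; the display name is public, the address is not.
    store = AccountStore()
    store.register("Alice@example.org", "alice_k", "correct horse battery staple")
    return {
        "public_name_as_login": store.login("alice_k", "correct horse battery staple"),
        "wrong_password": store.login("alice@example.org", "123456"),
        "unknown_address": store.login("nobody@example.org", "123456"),
        "valid": store.login("alice@example.org", "correct horse battery staple"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The same rule applies to the sign-up and password-reset forms: if either one answers differently for a registered address, the address list can be rebuilt from there.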

Published by

Julian Bez

Julian Bez is a software engineer and former startup founder from Berlin, Germany.

  • http://stevenbristol.blogspot.com/ Steven A Bristol

    I would not want my email address visible on the whole website. Even if it is more secure, it is not worth the spam price that will eventually follow.

  • http://www.julian-bez.de/blog/ Julian

    Huh?
    Who said that the e-mail address has to be displayed? Am I crazy or what?
    It’s just more secure, because no one knows your address.