Questions tagged [authentication]
Use this tag for questions related to authentication in the context of security.
132 questions
1 vote, 1 answer, 66 views
Is requiring user authentication overkill?
The specs:
Mobile apps
LLM wrapper (of e.g. OpenAI API)
The chat history will be stored on the client
Backend is needed to manage the api key and to track token consumption / payment (how many tokens ...
2 votes, 2 answers, 119 views
What should the default 2FA method be for a user opening an account?
Our application (investment solution) asks users to set up a 2FA method after setting their password during onboarding.
We offer multiple methods of 2FA; memorable questions, text message security, ...
2 votes, 2 answers, 203 views
Is a process secure if it's not perceived as such?
We just finished research for an article on 2FA (Two-Factor Authentication) and, while writing the report on the insights, I got wondering on this particular finding: Our research indicates that most ...
2 votes, 2 answers, 148 views
Should authenticated users still see the app's public home page
Let's take two examples:
GitHub → the public page at github.com is a presentation of GitHub's features. Once a user is logged in, he never sees this home page again: github.com becomes the user's ...
2 votes, 1 answer, 589 views
iOS apps log users out when upgrading to a new phone
Why do so many apps log users out after upgrading to a new phone? (ex: Gmail, Slack, Instagram).
From a technical POV it's easy to keep the user logged in after a phone upgrade.
Is there any upside ...
2 votes, 3 answers, 156 views
Does onboarding include sign up?
I'm designing a matchmaking platform for influencers and marketers. I want to create a secure platform that verifies identities (both influencers, and marketers that work for legit brands).
I am ...
0 votes, 1 answer, 71 views
What's the best approach to restoring access to a user who can't access their email?
I'm trying to think of different methods to restore an account to a user who can no longer access their email. For my project, regaining account access is very important, throwing away an account is ...
0 votes, 2 answers, 347 views
2FA into the login page (without email or phone number)
I have a question regarding UX of the 2nd factor authentication (2FA) process.
It is common in the authentication process to ask for user id (commonly email) + password, and in a second step ask for ...
1 vote, 3 answers, 3k views
Good UX for validating both phone and email
A website requires users to validate their email – it's how the user receives their password creation link, and email is essential to several core workflows.
There is now also a need to collect and ...
1 vote, 1 answer, 121 views
How would you visualize authorization deviation with 90+ rules?
Users can preselect an authorization set (1). And, later on, modify the set. As a user, I want to see how the original authorization set differs from the one I changed. So I can see which ...
3 votes, 1 answer, 109 views
Evolution of authentication-based navigation
Consider the case where an unauthenticated user sees a main navigation with a few items:
In the old days, someone with admin privileges might log in and simply see additional items exclusive to their ...
1 vote, 1 answer, 107 views
Quantifying the impact of offering alternative signup/login methods?
Nowadays it's common for websites to offer signup/signin methods that don't require making an account (email/password) for that specific site, for example 'Login with x':
Facebook
Google
Twitter
...
2 votes, 1 answer, 393 views
Should users be given a way to link a password after social auth?
Obviously it is very common for sites to allow log in using both the traditional email/password as well as social authentication using Facebook, Google, Twitter etc.
If a user creates an account using ...
0 votes, 2 answers, 71 views
How many times should an unverified user be allowed to post on a social site?
If you allowed a user to post content on a social media site prior to verifying email, in order to increase conversions, how many times should he be allowed to do so?
What anti-spam measures you can put ...
1 vote, 1 answer, 292 views
User signs up using their Facebook account and then logs in with their (same email) Google account. Now what?
Our web app (a personal calendar-management tool) offers both Facebook and Google as social login providers. Sometimes a user who originally signed up using a Facebook account tries to log in using ...