- staffKeymasterDecember 27, 2013 at 10:59 pmPost count: 47
According to the admin control panel I set the forum to allow unregistered users to create new topics and post comments. However, when I log out and try to do so, I get a message saying I have to be logged in to create new topics and to post comments.
We could simply leave that as a requirement: registration and login is required for any forum posting.
I would eventually like to allow posters to login using their twitter, facebook, openid, gmail, google+, etc., accounts. Basically authenticate a user via any authentication path that a wordpress plugin reasonably supports. I have seen this done on other blogs for blog commenting.
- BobCModeratorDecember 28, 2013 at 12:24 pmPost count: 10
Personally, I’m leery of using other login credentials because of the metadata expansion for honest users. Every credential use lets that service know that their user has used their credential to authenticate at OOTBC.
After all, it is easy for a less-than-honest person to create a fake account on one of those services, then use it as a credential. So adding an external login authority actually adds little protection for the forum, and only a tiny bit of convenience for users.
Account creation should certainly require an email address with a validating message, with a captcha for bot resistance. That’s already present, and is pretty much what those other services use.
Browsers are good at managing login credentials, so there is not even much convenience benefit to using an external authority. The only benefit MAY be for non-browser use, if any such thing is supported by this forum.
- This reply was modified 9 years, 1 month ago by BobC.
- mermericoModeratorDecember 28, 2013 at 10:46 pmPost count: 10
I agree. Whenever I see one of those alternative options, I think the company is after my data. The best thing to do is to make the registration process as painless as possible. Reddit gets it right in this regard. Is it possible to integrate setting the password and using a captcha on the original registration page?
- staffKeymasterDecember 28, 2013 at 11:11 pmPost count: 47
OK, so I won’t attempt account creation nor authorization using twitter, facebook, etc. Good to know what people think about those – I thought it might be more convenient and had seen it done on other blogs I frequent. I am multiple password weary, even though I know it is important to separate passwords for different classes of login security importance – and I do that personally.
Right now the path of least resistance that WordPress offered was registration with the auto-generation of a password that is emailed back to the registrant. That is how the site is setup now. This is a conservative approach that definitely would try the patience of a potential comment spammer. Unfortunately it may also test the patience of a desirable commenter.
I will look into possible improvements to the registration process. I have not implemented Captcha on the registration process – I have seen a number of comments about it being too easy to defeat. That said, big players like Google use Captcha, so perhaps it has usefulness that is not obvious to its detractors. Helpful it may be, a panacea it is likely not.
I don’t know of a non-browser use case for this forum. I have been trying both the forum and the site in general on an Android smart phone using the Chrome browser on the phone. It seems to work pretty well, and I have been happy with the legibility of the site without resorting to magnification. The theme used does hide the upper bar menu items in what to me is a less-than-obvious icon in the upper right when viewed on the smart phone. Other than that I like the smart phone rendering.
You must be logged in to reply to this topic.