I’m thinking of building a user login system for my website in this manner: a user is authenticated by clicking the link sent to his or her email every time he or she needs to log in.
Not sure if anyone has done this before but I’d want to know if this is actually a POSITIVE user experience or a NEGATIVE one?
Off the top of my head, I think this is a positive one because:
- User would only need to supply his or her email address to register, thus registration is much easier. (POSITIVE)
- No password or anything of the kind is stored in the website database, which is easier for developers and harder for hackers. (POSITIVE)
- This system makes sure the user is the legal owner of the email (rather than someone who knows / guesses the password). (POSITIVE)
- The system needs to be secure in sending out the emails, thus more work for developers / sys admins. (NEGATIVE)
- Emails could be delayed for one reason or another, even 10 seconds would very probably make the user frustrated and eventually give up. (BIG NEGATIVE)
Is this really applicable? Does anyone have any first-hand experience with this, please? Thanks!
The biggest drawback I can think of is that if somebody hacks their e-mail account, they get access to your system as well for free.
Considering that many, many hacks are based on first getting access to a person’s e-mail account and leveraging that to gain access to other sites, I’d say that’s a pretty big negative.