WebMaker 作出了一个不依赖密码的登录过程,这里是介绍:
http://notebook.ideapublic.org/2014/one-less-password/
简译如下:
One Less Password
少一次密码
At Mozilla, I helped develop a system for login that does not rely on passwords.
我在 Mozilla 工作,开发了一个不依赖密码的登录流程。
It also does not use social sign-on with platforms like Facebook.
这个登陆过程也不依赖脸书等社交媒体登录。
I think we have created a compelling alternative — something I’d like to see used and pushed further by other designers and developers.
这是一种很有力的替代品,我希望其他的设计师和程序员能够进一步发展和推进。
When fewer websites require passwords from each of us, fewer passwords will be lost, stolen, and repeated across sites.
如果我们不再需要密码,密码就不会被遗忘、被泄露和在网站间的重复。
UI Design by Ricardo Vazquez
In this post, you can learn about the system design and user experience.
此文描述了这个系统的设计和用户体验。
If you’re interested in the full story – the problems with passwords and alternative login systems, you can read my post for the Webmaker blog.
如果你想了解更多,请阅读Webmaker的博客。
Join – Quick & Easy
加入——从未有过的便捷
Join – Start using Webmaker immediately.
Account confirmation happens later.
立刻开始使用Webmaker,
账户确认是之后的事情。
We streamlined the process to join Webmaker.
我们大大简化了Webmaker的注册流程。
Previously, people needed to first sign up for Persona before they could gain access to Webmaker.
以前,用户需要先注册,才能使用Webmaker。
It was confusing.
很麻烦。
Now, new users simply enter their email and choose a username.
现在,新用户只需要输入邮箱和用户名就好了。
They immediately gain access to Webmaker, without the need to confirm their account.
此时,他们就已经可以使用Webmaker了。
Confirmation happens during the user’s first login or manually if they try to publish. (We will soon enable phone numbers and SMS as an alternative to email.)
在用户第一次登录的时候,需要确认邮箱。(以后会加入短信的支持。)
Sign In – No Password Required
登录——无需密码
Sign in via email or sms.
使用邮箱或者短信登录
Ask to “remember me” on private computers.
当使用私人电脑的时候,可以选中“记住我”。
Copy a key across devices.
当使用别人的设备时,拷贝令牌。
Things get more interesting with Sign In.
登录过程也很有意思。
As discussed by a number of people across the interwebs, I have taken the typical lost password experience and revised it to be the primary form of login.
和许多人讨论之后,我决定将找回密码的典型体验作为登录的主要形式。
A person can sign in with their username or email address. Webmaker sends an email that only they can access.
用户可以使用用户名或者电邮地址登录。Webmaker会发一封邮件给他们。
This email includes a button to sign in and a link to “remember me.”
这个邮件包括一个登录按钮,还有一个“记住我”的链接。
Both options will take them into the site without any further clicks.
点两个中的任何一个都会让他们登录,不需要更多操作。
Sign In – Across Devices
设备间登录
Login across devices.
Useful for people who have a mobile device while using a public computer.
设备间登录,非常适用于使用公用电脑和私人手机的时候
Some people will use Webmaker on a public computer at a school or a library.
有人会在学校或者图书馆的公用电脑上使用Webmaker。
They might receive the login email on their phone.
他们可能会在手机上收到登录邮件。
For this situation, the email will include a short key they can read and copy across devices (in yellow on the email above).
为了解决这个问题,邮件中会包含一个短语令牌,他们可以在设备间拷贝(上面邮件中的黄字)。
The diagram on the right describes this flow.The key is temporary.
上图描述了这个流程。令牌是暂时的。
It expires after a single use or after 30 minutes.
30分钟后会过期。
If abused, it also expires after repeated attempts to guess it.
如果被滥用,也会在固定的猜测次数之后过期。
A temporary key is much more secure than a password.
暂时令牌要比密码安全许多。
Sign In – Optional Password
密码可选
Passwords are optional.
Set one to skip the other flow.
密码可选,用密码就可以跳过其他的流程。
Passwords might be useful for someone who works on a public computer at the library.
对那些在图书馆的公用电脑上工作的人来说,密码可能是必须的。
We made them optional and easy to add.
所以,我们将密码设置成可选的。
In fact, people can add a password while traveling and remove it later when they return home, fluidly switching between the best experience for their situation.
实际上,用户可以在旅行期间使用密码,回家之后再切换回邮件登录,他们可以在两者之间自由转换。
A theory I hope to test: if we allow people to opt-out of passwords at the very moment they struggle to remember their own, we will increase the adoption and understanding of this alternative login method.
我认为,如果可以让用户选择不使用密码,大多数都不会使用老是忘记的密码。
A password can be added via a person’s profile page.
密码可以在用户设置页面添加。
A link to do this is also in the login email as shown above.
登录邮件中,也有这个链接。
This link doubles as a login link, then leads to the set password field.
Server Flow
服务器流程
Flow from the servers perspective.
从服务器的视角看整个流程
People will have an experience tailored to their situation, allowing them to login by link, key, or password.
用户可以在邮件链接、令牌和密码之间选择一个适合他们处境的方式登录。
The server manages this experience fluidly, even for returning users who forgot they set up an account in the past.
即使对那些忘记了自己曾经在这个网站注册过的用户来说,体验也会流畅。
Feedback & Discussion
We welcome your feedback and questions.
Read more about the project at Webmaker.
You can also find a more technical discussion in a post by our developer Chris DeCairos.ThanksA big thanks to Chris DeCairos for his code prowess and Ricardo Vazquez for his careful UI crafting.
This system could not have been built without their work or the support of Cassie McDaniel, Jon Buckley, Simon Wex, and the entire Webmaker team.
网友评论