My experience is that logging in to an Elgg site is very painful for a significant number of users. This is not because Elgg is especially bad at the UX, but because the standard for login/registration UX doesn't meet the needs of today's users. I run an Elgg site that is meant to be a secure place for non-technical folks to sign in and discuss sensitive community-relevant updates. The standard Elgg login experience is simply not meeting the necessary UX bar right now.
Current state of affairs:
Some comments I've heard users tell me they're doing or suggest to me to ease the login experience:
We are driving people to use seriously unsafe hacks to get around the hassle of logging in. I encourage you to assume the same kinds of things are happening on your site unless you have done actual testing and found otherwise.
Some insights:
The proposal:
What I'm looking for:
This part is not clear to me. Most people do not use openID these days after the monopolistic invasion of FB. OAuth means I must have a Google, Yahoo or similar account. Please correct me if I have not understood.
"Sending an email is not the only way to verify ownership or access to an email." - What are the other ways then?
When a person comes to register or log into my site, he or she expects to use credentials for my site only and it is presumed it is not necessary for him or her to have another account elsewhere or even if he has it is necessary for him to share it in my site, be it openid or fb or google or yahoo or whatever. At least that is what any truly *independent* soul and free soul thinks, and I also think. Does FB have any other mode of registration or login other than FB itself? NO! I may or may not be as big as FB but in spirit I adore that freedom - no other third party buttons in my site (unless the user has specifically asked or opted for so).
Keeping email as a criterion for login/registration is good - foremost reason being email is such an open protocol and was invented for not making money. With one email I can connect to another email (think gmx to yahoo, or hotmail to gmail) - with one fb account I cannot do that. Email should be kept alive!
Login / registration in Elgg as it is now is pretty simple compared to FB and G+ etc - probably one extra thing Elgg asks for initially is display name. Doing away with display name (initially, later user can choose) and also user name may not be bad - just email and password to register (and later other things) may be good. Probably reddit has or used to have a simpler method still - just a username and a password - and straight away jump onboard.
This is a special use case - I do not think many sites have this issue.
Finally,
Have there been many issues/forum posts/group discussions demanding such a change? If it is not 'broken' does it need to be fixed? I do not know but am just asking.
Even better would be if users from different Elgg sites (different sites on different domains) could log into one another (provided their admins wanted that) - think of drupal.module of Drupal 5.
OpenID is a good idea!
OAuth is a road to hell. BTW, Eran Hammer, lead OAuth2 project author, works under oz project now.
Use oldschool passwords instead.
Requiring strong passwords is a wise move. Providing advice as to how to create a memorable, strong password is not difficult.
A sentence of words is stronger than a shorter string of the most randomised characters.
?
I only just saw that min_password_length is in settings.php.
What will occur if I increase it from 6 to 12?
Will users with passwords smaller than 12 be prompted to change the password?
Or will the prompt only occur when they elect to change the password next time?
[Moderator: this comment was off-topic. It was moved to its own topic.]
Nope. You need to create the upgrade action for it.
OK, would users with passwords smaller than 12 still be able to log in?
I didn't try it, but I think that's impossible because you change the configuration of the site :(
You need to make the upgrade action for it also.
@ewinslow
Mozilla Persona is a good solution.
Ben even created an Elgg plugin.