Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Account Activation or Not

  • 21-11-2017 12:49am
    #1
    Registered Users, Registered Users 2 Posts: 1,987 ✭✭✭


    I'm working on a web application project where all the users signup and login using 3rd party oauth methods, for example FB, Google & Twitter. (No native signup method yet)

    I'm trying to make the signup process as quick as possible so I was going to remove the account activation process, so:

    Currently
    • User comes to the web app.
    • Signs up with desired 3rd party authentication provider.
    • Email is sent with activation url.
    • User clicks on activation url and account is activated.
    • User can login.

    Proposed
    • User comes to the web app.
    • Signs up with desired 3rd party authentication provider.
    • User can login.

    I'm trying to see the pit falls of not getting users to authenticate their account, I would expect a fair chunk of fake accounts would be weeded out on the 3rd party sites that is used for the authentication process.

    Also I have the whole app. wrapped in a check to Project Honey Pot which I assume will help limit known spammers from signing up to the web app.

    Any advice/insight/suggestions greatly appreciated.


Comments

  • Closed Accounts Posts: 1,758 ✭✭✭Pelvis


    I don't recall ever getting an authentication email from a website if using Facebook or Gmail to login as a new user tbh. I would have thought that was the point?


  • Registered Users, Registered Users 2 Posts: 8,488 ✭✭✭Goodshape


    Your proposed solution sounds fine. With the third party auth from a trusted provider, that should be enough to confirm the persons identity (insofar as it needs confirming for your service, I presume).

    The additional email confirmation step would just be a nuisance to your users. Even without the 3rd party auth, getting a fake email address for a signup is as easy as googling "fake email address". It's security theatre.


Advertisement