Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
If we do not hit our goal we will be forced to close the site.

Current status: https://keepboardsalive.com/

Annual subs are best for most impact. If you are still undecided on going Ad Free - you can also donate using the Paypal Donate option. All contribution helps. Thank you.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.
Hi all, please see this major site announcement: https://www.boards.ie/discussion/2058427594/boards-ie-2026

Account Activation or Not

  • 21-11-2017 12:49AM
    #1
    Ziycon
    Registered Users, Registered Users 2 Posts: 1,991 ✭✭✭


    I'm working on a web application project where all the users signup and login using 3rd party oauth methods, for example FB, Google & Twitter. (No native signup method yet)

    I'm trying to make the signup process as quick as possible so I was going to remove the account activation process, so:

    Currently
    • User comes to the web app.
    • Signs up with desired 3rd party authentication provider.
    • Email is sent with activation url.
    • User clicks on activation url and account is activated.
    • User can login.

    Proposed
    • User comes to the web app.
    • Signs up with desired 3rd party authentication provider.
    • User can login.

    I'm trying to see the pit falls of not getting users to authenticate their account, I would expect a fair chunk of fake accounts would be weeded out on the 3rd party sites that is used for the authentication process.

    Also I have the whole app. wrapped in a check to Project Honey Pot which I assume will help limit known spammers from signing up to the web app.

    Any advice/insight/suggestions greatly appreciated.


Comments

  • #2
    Pelvis
    Closed Accounts Posts: 1,744 ✭✭✭Pelvis


    I don't recall ever getting an authentication email from a website if using Facebook or Gmail to login as a new user tbh. I would have thought that was the point?


  • #3
    Goodshape
    Registered Users, Registered Users 2 Posts: 8,488 ✭✭✭Goodshape


    Your proposed solution sounds fine. With the third party auth from a trusted provider, that should be enough to confirm the persons identity (insofar as it needs confirming for your service, I presume).

    The additional email confirmation step would just be a nuisance to your users. Even without the 3rd party auth, getting a fake email address for a signup is as easy as googling "fake email address". It's security theatre.


Advertisement