Do I need authorization after registration?
Being engaged in designing one service, I wondered : does it make sense to authorize the user immediately after registration or is it better not to do this? On the one hand, the experience of the overwhelming majority of sites tells us that visitors are used to the fact that after the registration procedure nothing prevents them from using the site’s services. On the other hand, many people use all sorts of applications and password managers (integrated into the browser or third-party services), which means that the next time they sign in, they will have to remember their login password instead of logging in almost automatically.
Instead of choosing which one is more convenient, it makes sense to take advantage of both methods and reduce the user registration scheme to such that after sending the data entered into the registration form, the user enters the authorization page, where all the necessary information has already been entered into the corresponding fields. information (do not forget to write in the database is not the password itself, but, for example, its salty hash). By clicking the "Login" button, the user can save their login and password in the password manager, and the registration procedure is complicated by just one step. Even the option of automatically generating a password and sending it to the mail requires more action.
')
If someone wants to try, I made a simple example of a system that shows the overall development of the script.
In fact, from a security point of view, this approach is not weaker than the usual login option, but allows users to use a convenient and familiar tool for many people to remember passwords. Another advantage of this modification is that in the registration questionnaire you can remove the password entry fields, leaving there at best only a mailbox.
Instead of choosing which one is more convenient, it makes sense to take advantage of both methods and reduce the user registration scheme to such that after sending the data entered into the registration form, the user enters the authorization page, where all the necessary information has already been entered into the corresponding fields. information (do not forget to write in the database is not the password itself, but, for example, its salty hash). By clicking the "Login" button, the user can save their login and password in the password manager, and the registration procedure is complicated by just one step. Even the option of automatically generating a password and sending it to the mail requires more action.
')
If someone wants to try, I made a simple example of a system that shows the overall development of the script.
In fact, from a security point of view, this approach is not weaker than the usual login option, but allows users to use a convenient and familiar tool for many people to remember passwords. Another advantage of this modification is that in the registration questionnaire you can remove the password entry fields, leaving there at best only a mailbox.
Source: https://habr.com/ru/post/134826/
All Articles