A user may submit a card and with no additional effort (except
maybe email con?¬?rmation) have an account created. Websites
constantly battle against drop-off (a user leaves the website before
completing a transaction), and anything that can make the
process just a little bit simpler may encourage users to continue
the transaction and make a purchase.
Sign In
User name:
Send email
confirmation
Choose:
Associate with an existing account
Create a new account
Choose a different card
Authenticate via:
Username/Password
Proof of account
Password:
Figure 5-8 Associating an Information Card with an account
Accounts are often
related to an email
address
289 Putting CardSpace to Work
Figure 5-9 Performing an alternative authentication of the user
?– Perspective: Closing the Username and Password Gap?
After users have moved on and have begun using an Information Card rather
than username and password for authentication, what good is their password?
Passwords remain the focal point for phishing; after all, a cleverly built email
can still fool enough users to divulge their password to make it worthwhile to
continue the practice. Should you turn off the username and password authentication
route after a user has made the switch? It is dif?¬?cult to argue that it should
be done without the user??™s consent, but perhaps in the account management
page, an option to ???allow sign in via Information Cards only??? is reasonable.
Pages:
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423