Unfortunately, users who would seek out and voluntarily take advantage of the
increased security by turning off their password authentication are much less
likely to be deceived by a phishing scam. In a year or two, the answer to this
might become more apparent as user uptake increases and the password-phishing
landscape changes.
290 Guidance for a Relying Party
Account creation, therefore, must not only be simple, it must
also be lightweight enough that the user can continue the transaction
without missing a step. Done properly, there is more than
one entry point into the signup process. Users can explicitly
create an account, or they can just present a card to sign in with
and create an account inline. Another way to look at it is this:
Users come to a website, do a little "window" shopping, and
find something worth buying. When they are used to using
Information Cards and know that they can click the Sign In button
to get quickly to the end of the sale (and not have to remember
if they've been to the site before, or even whether they have
an account), they know that it's going to be fast. The impact of
this ease of use will be quite impressive.
Depending on the amount of validation a website requires, the
new account process could potentially be invisible and instantaneous
(see Figure 5-10).