Wednesday, April 10, 2019

security - Login button - on homepage or separate page?


I ran across an article called Put the login on the front page, where the author wants sites to:



[...]put the user name and password box somewhere obvious on the home page like the upper right hand corner. Save me the click.



Is this is a good idea, or not? Or is it better to have a login link go to a separate page, for security (or other reasons)? Even if it adds a step.


Some things I noted from the article:



  • The comments discuss whether this would allow a man-in-the-middle attack due to using plain HTTP on the front page, versus HTTPS.


  • The article (dated 2006) lists sites that do put allow login on the home page, such as Fresh-meat and Slash-dot. Yet when I checked those sites, they had a separate login link, rather than the full login/password/login button as the author states.

  • Those two sites obviously changed their login process in the past five years. I would have presumed for security reasons - but both use HTTP instead of HTTPS, so I'm not sure what the reason was.



Answer



Letting users log in from the front page (or any page) is certainly more user friendly. It's always jarring to be taken away from the content or tool you want access to.


Smashing Magazine recently released an article suggesting this as well.


You really should make sure that the login pages are secure, but why not make your whole site secure? If you only make the login page secure people can still intercept cookies (assuming that you are using cookies) and get around having to capture login info.


Bruce Schneier has an article about hijacking people's connections to websites.


SSL certificates aren't all that expensive these days.


No comments:

Post a Comment

technique - How credible is wikipedia?

I understand that this question relates more to wikipedia than it does writing but... If I was going to use wikipedia for a source for a res...