Post by geriatrix on Aug 1, 2016 14:54:03 GMT
According to member ForguesR on security.stackexchange.com, e-mail verification doesn't provide extra security. It just validates that the newly registered user is the legitimate owner of that e-mail address. For security reasons, a best practice for a web site would be to not send any e-mail to an unconfirmed e-mail address. This prevents leaking information to someone that mistyped their e-mail address. Anyhow, one should encourage users to confirm their e-mail address quickly; very often, the e-mail address is the primary way to recover a lost password. A user with an unconfirmed e-mail address and a lost password would be screwed up if there is no alternate way to recover their password. Moreover, if the mistyped e-mail address is actually the address of someone else, this person may confirm the e-mail address and use the password recovery to get access to the user's original account.
Oscar Smith at webdesignledger.com agrees that CAPTCHA codes are annoying, but in most cases, we accept them as an unavoidable step in the battle against bots and spam. But what if it was shown that CAPTCHA codes are not only damaging the usability of your website, but also hampering the ability of your site to create leads, generate sales or otherwise function and interact with your audience? The reality is that for the vast majority of the sites that we build as web designers and developers, we don't really have to worry about targeted attacks on our contact and registration forms. Using a CAPTCHA code on most sites is like using a Humvee to crack an egg. If you're developing a high-profile site or security critical web app, then sure, perhaps a CAPTCHA is going to provide you the most protection. But even then, you should be weighing up the risks and usability trade-off and asking yourself if there is a more user-friendly alternative. Oh and by the way, there is a business in breaking CAPTCHA codes, so even if you use one, you're not necessarily safe from a concerted effort to break it. And if all you have to worry about is protecting a form from generic spam bots, then there is definitely no excuse; you don't need a CAPTCHA; there are more user-friendly alternatives. Think about it; you've developed a beautifully thought-out website with clear user-funnels, calls to action, with everything gently pushing your visitors towards registering, purchasing, enquiring or otherwise completing a goal and then, you stick a dirty great squiggle at the end that your users have to decode before completing the task. It's a bit like spending weeks gently building up to asking someone out on a date and then vomiting down your shirt when you pop the big question.
www.puretalkusa.com has an anonymous article about burner phones. These devices became notorious for criminal use, but there are actually several practical reasons to use a number for a limited amount of time instead of using your permanent phone number. Say you're buying or selling something on Craigslist or another classifieds site. It might be safer to use a disposable number that you can terminate after the transaction instead of your personal number. This can save you from unwanted texts and calls from strangers, especially if you choose another buyer/seller. A disposable number is also handy for dating. Sometimes, you're just not quite sure things are going to work out. If you're worried about a prospect getting too attached after you’ve politely declined, a temporary number can save you the hassle and headache of blocking someone from your phone and worrying if they have your number memorised. Are you seeing a theme here? All in all, burners are great for privacy. Use them for online purchases and subscriptions to avoid telemarketers and unwanted text ads. Or use one for a business phone. This way, your coworkers have a specific number to reach you, while friends and family have another. Burners can also be useful for keeping journalists and hackers from leaking details of your private events… like your wedding.
Jim Wang at www.bargaineering.com writes that the recent breach of Global Payments has once again brought the issue of credit card security back into the limelight. While most, if not all, affected cardholders won't feel any financial repercussions, they might have to deal with a little hassle as cards and card numbers are replaced. Only Citi, Discover and Bank of America, however, offer one-time-use disposable credit card numbers. They all use technology from the same company, Orbiscom, which was acquired by MasterCard in 2009. American Express used to offer a service like this but discontinued it years ago.