We should consider some edge cases like:
* More than two accounts with exactly same email and password.
-> In this case, which account should be chosen for logged-in? Maybe
account selector could be one of the answers.
* If there's a 42 accounts with same email.
-> Should mediawiki try to check password forty two times? It will
takes _very_ long time as enough to cause gateway timeout. Which means
nobody can log in to that account.
-> To avoid timing attack completely, should mediawiki calculate hash
of all users forty two times as same as above user?
2015-02-20 8:58 GMT+09:00 phoebe ayers <phoebe.wiki(a)gmail.com>om>:
Hi all,
I'm the one who started that bug-now-task a while back, and for
context, it was based directly on user feedback. What MzM says above
is right. I was working with a casual (but quite good) editor who said
to me "well, I'd edit that Wikipedia page, but I don't edit very often
and I can never remember what my login is, since my usual login was
taken. But if I could enter my email address, it would be a lot easier
and I'd be more likely to just do it."
Struck by the idea that this was a barrier to editing, I asked around
and got similar feedback from other people, for both public and
private mediawikis. So I submitted the bug for consideration. I know
it's difficult and there's been a lot of discussion on how to
technically do it, but I think the underlying need definitely still
exists.
thanks,
Phoebe
On Thu, Feb 19, 2015 at 4:54 AM, Tony Thomas <01tonythomas(a)gmail.com> wrote:
Hello,
Before someone starts with a proposal for the proposed-tech-project 'Allow
user login with e-mail address'[1], is there still community consensus for
the same ? I personally think its a must-have for MediaWiki, as e-mail
address is easy to remember than a complex username. Currently multiple
users can sign-up with the same e-mail id - which would possibly be a
blocker, and can be fixed. Thanks to MzMcbride, we have an RFC[2] too on
the same.
[1]
https://phabricator.wikimedia.org/T30085
[2]
https://www.mediawiki.org/wiki/Requests_for_comment/Login_via_e-mail_address
Thanks,
Tony Thomas <http://tttwrites.wordpress.com/>
FOSS@Amrita <http://foss.amrita.ac.in>
*"where there is a wifi, there is a way"*
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
--
* I use this address for lists; send personal messages to phoebe.ayers
<at>
gmail.com *
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l