mark2 Posted January 7, 2011 Share Posted January 7, 2011 Hi, we decided to simplify the login page at Mondizen. Instead of two boxes - one for account creation and one for login we present one box with an email input, then if the user exists we show a password box otherwise go to an account creation page. This should seem simpler for the customer. Feedback welcome. Link to comment Share on other sites More sharing options...
DevNet Posted January 7, 2011 Share Posted January 7, 2011 Hi,Do you have ideas about the appearance of this group login + registration?Best regards Link to comment Share on other sites More sharing options...
mark2 Posted January 7, 2011 Author Share Posted January 7, 2011 Hi, you can see it on the mondizen website. Link to comment Share on other sites More sharing options...
rocky Posted January 8, 2011 Share Posted January 8, 2011 It's a good idea, but you do realise that a hacker can now determine when they have an email address right, so they can just brute force attack the password? Before, they couldn't be sure whether it was the email address or password that was wrong. Link to comment Share on other sites More sharing options...
mark2 Posted January 8, 2011 Author Share Posted January 8, 2011 Yes this could be a problem. In Prestashop if you choose to create a new account on the login page and the email already exists then you get an error message saying the email already exists, so the information is available. Alot of websites have a "forgot my password" form that provides the same information. It would be possible to add a captcha but personally I don't like these. Prestashop already has a sleep call in the password verification but I don't see that this stops a brute force attack. Logging failed login attempts is what we do at the moment. Link to comment Share on other sites More sharing options...
Recommended Posts