Comment A system that I use... (Score 1) 476
I've implemented an extensive hockey pool website. To make the site more attractive to specific team owners, I use a two phase logon system.
Phase 1 is stashing the userid in a cookie. When a user connects to the site, I check for the cookie and if its there then I accept their identity claim.
Phase 2 kicks in when the user actually tries to do something that might alter the state of the account (e.g. enter a trade, vote on an vote topic, post a message, etc). This stage requires the user to re-enter his/her password before proceeding.
Slashdot could easily implement something similar. You can't post unless you at least phase 1 clearance (if you are smart about generating the userid cookie then it can become nearly impossible to generate them randomly). After they've logged on once, it never inconveniences the user again unless they change browsers, etc. You can even add a checkbox that the user can select to make the post anonymous.
If the user tries to change their ssetup in any way, they need to re-enter their password.
Just a thought.
Phase 1 is stashing the userid in a cookie. When a user connects to the site, I check for the cookie and if its there then I accept their identity claim.
Phase 2 kicks in when the user actually tries to do something that might alter the state of the account (e.g. enter a trade, vote on an vote topic, post a message, etc). This stage requires the user to re-enter his/her password before proceeding.
Slashdot could easily implement something similar. You can't post unless you at least phase 1 clearance (if you are smart about generating the userid cookie then it can become nearly impossible to generate them randomly). After they've logged on once, it never inconveniences the user again unless they change browsers, etc. You can even add a checkbox that the user can select to make the post anonymous.
If the user tries to change their ssetup in any way, they need to re-enter their password.
Just a thought.
