Let's see, in the past week, I finished my job at the postgraduate school, started my new job, got my iPod and its accessories, ordered my powerbook, got to have a nice and relaxing weekend (and can't think about sundaes at Denny's without cracking up), and am now going to head out for day two of work. The work doesn't feel like work; I got up at 8 am this morning to do some of this "work" on the side.
I need cat ears for my cubicle. I don't want to take my normal pair simply because I like having my ears around the house and in easy reach. My iPod has made the drive up to Milpitas much easier though, as Griffin Technologies' iTrip lets me listen to sweet sweet MP3s the entire time. (For the curious, it's a 40GB with click wheel.)
The web site is on hold right now in terms of design. I'm sure you won't object to this really simple layout for a week or two more.
Now, back to examining high traffic web sites to better understand their password recovery systems. Hotmail likes to "forget" about Gaia emails, GMail and Yahoo mark them as spam, and some individual providers just flat out block them. This of course presents two possible situations. The first is, a user can never get an e-mail when they try and recover their password, and the second is the user can never register for Gaia. The goal of course, is to develop a system that allows a user to accomplish both. Having had lots of experience with my bank when purchasing my new Apple (and thus, also lots of experience with Apple), things such as billing zip code, social security numbers (last 4), and full name are common identifiers. However, these items don't necessarily work in an online environment. You need instead a security question.
The idea behind a security question is an item that only the user/owner would know the answer to. There need to be enough questions that the user can select one from the list they know the answer to, yet the list must be short enough that the user does not give up and settle for the first one they find. Common security questions you can find on the Internet's major web sites are:

* Mother's Maiden Name
* City of Birth
* Current Zip Code
* Last 4 Digits of Telephone Number
* Favorite Pet's Name

Coming up with a few more has been hard, as I always saw the ideal number as somewhere around 7-8 items. This way, a user can find not one, but two questions. How secure is this? For that matter, at what point does security overpower the user's desire for convenience? There are several things that could make Gaia "more secure", including HTTPS logins, preventing the storing of cookie data, stripping certain tags from messages, etc. However, with each of those comes a loss in usability and function for the user (no cached pages, no autologin, and no imagemap signatures respectively).
For the curious, this site is running [Textpattern](http://textpattern.com/) which is a beautiful Textile based distributed authorship system. My hope is to (when all is said and done) run my portfolio, blog, latest reading / listening, cam portal, and more all through this system. I've been looking for a replacement to be happy with ever since Movable Type changed their terms for licensing, and I think I finally found what I was hoping for. The new tags are taking some getting used to, as Textile functions differently than XHTML in many ways, but I'm liking the end result. For the curious, you can learn about Textile at http://textism.com/tools/textile/
See what happens when I never update, everything comes out all in one blob!
In response to "Gaia, Textpattern, Job Change, Web Site":
Part of the problem is also making users care about the security of their account. A lot of younger users (in general, on most sites, in the past few years) have this strange lack of care about who they share information with.
It’s disturbing, as when they get to post-secondary, they still don’t care about the security of their information/accounts, until someone takes advantage of their apathy. Then they kick and scream and raise a fuss. I’ve just shaken my head so many times at students in my classes leaving themselves logged in labs, and going to get a coffee – not even bothering to lock the screen to ensure that their project they’ve spent the past three weeks on does not get tampered with by less honourable individuals :s
Https logins would be nice in terms of feeling more secure while accessing from public networks (i.e. schools, libraries) or terminals. But sacrifices in terms of usability -_-;
Something I’ve been pondering for a while in terms of password / recovery systems is a puzzle type system. There is still issue of someone looking over shoulder though, unfortunately.
Essentially: image-set that can be chosen by user and they use the images to make a phrase they can remember. Images would naturally have corresponding values for reference by the login process.
The problem I’ve always had with the postal code/maiden name/country questions is that in the past, I never actually put the correct information – so trying to remember afterward what information I put in, to try to get back in, was generally a chore in itself. Also, some of the information can be gleaned if the user keeps a blog / random chatters on various IM clients without remembering what value the information can have. Other information can be gained if the user has a domain and registered their contact as their residence :
Has the xml token method gone anywhere? I kind of half-remember discussing it as an aside during my cisco classes a few years back, but I think it had not been implemented yet.
Sorry for mumbling on your blog -_-;
* envies your 40 gb * I have a 20 that I bought same time as my powerbook in August. How big is the powerbook you’re getting?