On Mar 4, 2005, at 5:50 AM, Fil wrote:
But I still find it too complex; we should get rid of the password thing. People just need to know where they can see more options.
I've been thinking a bunch about this since it was mentioned as a security problem a while back, and the more I think about it, the more I like the idea of not having passwords for regular users. (Or having it possible for admins to disable passwords for regular users.)
I was thinking that it'd be best replaced with timed email-authorization things, the way you can currently unsubscribe without a password. I don't know how long the timeout on those things is, but having it send you an email with a link to the archives or your options seems feasible. Having the links only be valid for a given time (say, an hour?) would reduce the threat of dictionary attacks *and* mean that more users can figure out how to do things on their own. ;)
Terri
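
One way the timed email-authorization link described above could work, as an added example that is not part of the original message and not the list software's own code. It assumes a stateless HMAC-signed token; `SECRET_KEY`, `make_token`, `check_token` and the action names are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)  # assumption: a per-site server-side secret
LINK_LIFETIME = 3600                  # one hour, the lifetime suggested in the message


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _sign(payload: bytes) -> bytes:
    digest = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return _b64(digest).encode()


def make_token(address, action, now=None):
    """Build the token that goes into the emailed link for one address and action."""
    issued = int(time.time() if now is None else now)
    payload = f"{address}\n{action}\n{issued + LINK_LIFETIME}".encode()
    return f"{_b64(payload)}.{_sign(payload).decode()}"


def check_token(token, action, now=None):
    """Return the subscriber address if the token is authentic, unexpired and
    issued for this action; otherwise return None."""
    now = int(time.time() if now is None else now)
    try:
        encoded, sig = token.split(".")
        payload = base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4))
        # Verify the signature before trusting any field; constant-time compare.
        if not hmac.compare_digest(sig.encode(), _sign(payload)):
            return None
        address, token_action, expires = payload.decode().split("\n")
        expires = int(expires)
    except (ValueError, UnicodeError):
        return None  # malformed token
    if token_action != action or now >= expires:
        return None  # wrong page (e.g. archives vs. options) or link too old
    return address
```

A stateless token like this can be reused until it expires; making a link single-use requires the server to remember which tokens it has already accepted.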