![](https://secure.gravatar.com/avatar/746f7519ba02fb0d815e59f305c53fa2.jpg?s=120&d=mm&r=g)
John W. Baxter wrote:
If the situation becomes a choice of
- mail out the password becomes generate a new time-limited password and mail that Or
- do away with passwords and have everything validated via a mailed-out URL
I think I as a user would prefer 2.
It is already hard enough to visit a private archive. E.g. if I have a link to a specific post and I follow it, by the time I get done logging in, my original link is forgotten and I go to the archive index instead.
If I now have to wait for an e-mail and follow some confirmation link, I'm going to give up before I ever get there.
I think there has to be a way to get directly to a private archive without going through some e-mailed confirmation. I might even be trying to access the archive from some machine that doesn't have access to the confirmation e-mail (perhaps a computer in a public library).
I agree that for most other things, e-mail confirmation is fine. I.e. if I go to my options page and change a few things, I don't mind having to answer an e-mail confirmation to make the changes effective, although I'm sure some would have privacy concerns about others being able to visit their options page without authorization.
Thus, on the whole I prefer passwords. Having to reset a forgotten password rather than being able to retrieve it would not be a problem for me.
-- Mark Sapiro <msapiro@value.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan