Identity/BrowserID/TransitioningSites: Difference between revisions

Line 15: Line 15:
==== Safe migration from legacy auth to BrowserID ====
==== Safe migration from legacy auth to BrowserID ====
* Never trust that the email address currently associated with a profile is valid or usable
* Never trust that the email address currently associated with a profile is valid or usable
** User could have lost control in the time since the user verified it
** Stale data; user could have lost control in the time since first signed up and verified it
** Another person could have claimed that email address out from under (unlikely, but possible)
* Require legacy username / password auth followed by subsequent BrowserID signin
* Require legacy username / password auth followed by subsequent BrowserID signin
** Ensures verified hand-off from legacy auth to BrowserID
** Ensures verified hand-off from legacy auth to BrowserID
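Review bot: The added sub-bullet "Another person could have claimed that email address out from under (unlikely, but possible)" ends without an object, so it never says whose address was taken over; something like "out from under the original user" would complete it. In the reworded sub-bullet above it, "in the time since first signed up and verified it" also drops its subject; "since they first signed up and verified it" reads cleanly.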