How do you prefer to log in?

[DrHaribo]

As someone who runs a pool, and has done a damn good job doing so, which do you prefer?

Thank you

As a user I find OpenID very quick and convenient.

As someone running a website, OpenID for the most part works fine. I don't need to store password hashes. I also don't have to deal with lost password issues, but on the other hand of course there are people who got banned from Google or otherwise lost access to their OpenID account who need help.

Over the 3.5 years there have been some negative experiences:

Some people write me angry notes saying I am trying to force them to register at Google and Yahoo to help the NSA and big corporations spy on them.

myopenid.net shut down with 6 months notice. Most people switched in time and it wasn't so bad. Only about 5 people didn't, and needed help to recover access to their Bitminter account.

A korean OpenID identity provider whose name I forget suddenly shut down (without notice as far as I know). Their entire website was replaced by a single page with text in korean saying something like "thanks for the good times. we shut down now. goodbye." If I recall correctly the text was an image too, so it was more difficult to get it translated with Google translate.

Blogger/blogspot has always been very unreliable. Their OpenID server is down half the time. There is no customer support available in any fashion. I didn't want to remove them from the login page because some users are using them and it will make it more difficult for them to log in without the blogspot button. Instead I put a warning not to use blogger/blogspot.

A few sites use OpenID implementations that apparently don't work well with the one I use, so you can't log in using those sites.

Yahoo OpenID was unstable for a while, maybe an hour of downtime per week. Then they crashed hard and their OpenID server was down for 3-4 days. I believe Yahoo mail was down at the same time. This came as a surprise as I had not expected Yahoo to be this unstable and take that long to fix their broken servers. Probably close to 1000 active Bitminter users were locked out of their accounts because of this. Too many to do manual account recovery for them all. I started working on an automated process, but then Yahoo finally got their act together and fixed the problem. Some users blamed me and left the pool. While it is not my fault that Yahoo is unreliable, it is my fault that I chose to rely on external services.

The latest problem now is that Google will not just be implementing the new OpenID Connect. They will also shut down the old OpenID 2.0 servers. So now all websites have to change their software if they want to keep Google logins. OpenID Connect is the new version of OpenID.

[1715049846]

1715049846

[1715049846]

1715049846

[1715049846]

1715049846

[Newar]

Have you considered sqrl login technology? see below:

https://www.grc.com/sqrl/sqrl.htm

I had forgotten about this. It looks very interesting and much more secure than other 2FA solutions. But are there mobile apps implementing this? Are any sites using it? Are people willing to scan a QR code every time they need to log in? [...]

Yes, that'd be great!

Android app:
https://play.google.com/store/apps/details?id=net.vrallev.android.sqrl

[Sumerian]

I'd personally use Google auth if possible (and passwords with capital and numbers).

[crodaddie]

Name and Password

[NeuroticFish]

User + Password + 2FA, and the site should have "remember this user+password" so I will actually type only the 2FA.

[spineshank624]

Name and password + second factor (Google auth, Yubikey, etc)
I like authy but that's a personal pref. I like having the second security layer.

[germanuniv]

Name and password

[sgk]

How would you prefer to log in at your mining pool's website?

Please take part in the poll above.

I prefer to use BTC payment address as username. Site should be publicly open.
Security can't get better than this. There's no password to hack - you mine on your BTC address, period.

And the side benefit is, you don't have to create accounts on numerous pools, remember them all and also worry about getting one of them hacked.

[loshia]

OpenID

[Reynaldo]

I would really like to use google authenticator, dont know why it was not implemented already..

[DonQuijote]

Voted!

Name and password + second factor (Google auth, Yubikey, etc)

[Flashman]

Yahoo OpenID was unstable for a while, maybe an hour of downtime per week. Then they crashed hard and their OpenID server was down for 3-4 days. I believe Yahoo mail was down at the same time. This came as a surprise as I had not expected Yahoo to be this unstable and take that long to fix their broken servers.

Yes, yahoo started to deteriorate all over in the first half of last year, I thought they were circling the drain, but all of a sudden, things started working right again. I maybe only get 1 in 3 mails sent to my old yahoo mail accounts though.

[Ososober]

user name and password, with 2fa (or email confirmation) for critical events, such as change email, change address, manual withdrawals and change of perks/donations

[organofcorti]

I like 2fa, but only of the yubikey type. I really don't want to use Google authenticator.

[Flashman]

If it raises your hackles to use "google" anything, see alternative implementations of authenticator in this version of the wiki article (current, but some wikidiot keeps removing the 3rd party stuff periodically) http://en.wikipedia.org/w/index.php?title=Google_Authenticator&oldid=643155923

Links are provided in the cite notes/references.

[organofcorti]

If it raises your hackles to use "google" anything, see alternative implementations of authenticator in this version of the wiki article (current, but some wikidiot keeps removing the 3rd party stuff periodically) http://en.wikipedia.org/w/index.php?title=Google_Authenticator&oldid=643155923

Links are provided in the cite notes/references.

No, I'm fine with Google products generally, just not authenticator. Much prefer to use a Yubikey.

[Crypto9er]

IMO best option would be "No login (user name is payout address, entire website is public)". Why would a user need to login if there is no need to withdraw manually?. Just set an automatic payment (similar to Eligius) and make all stats public.

[Flashman]

That's a great solution if you've got a reasonable amount of power, but for some of us, payments would be a bit dusty.

[Gh0stHack3r]

No complex centralized login needed (username/password as payout address, is a nice safe decentralized solution) don't think the entire website need to be public cause of that)
- that got my 2 cents, all day long.

Why use centralized controls when you don´t need to?
and for all who don't like to use centralized US tracking services it would be nice to at least have this option ..

Keep up the good work fellow Northman.

PS: don't eat to much Haribo...  not all dentists take BTC :-)

[trendax]

Can't believe FB is listed as an option.....that's a joke right? 

I couldn't agree more. 

Personally I like an aesthetically pleasing and practical interface therefore wallet address systems are out, login or public platforms.

Everyone knows how to create a username and password so why change something that works. Add a little 2FA for security and your set.

Name and password + second factor all the way, typically with Google Auth or SMS.