Comments on: The need for semi login for websites

By: Some Developer

Some Developer — Sun, 20 Dec 2009 09:41:07 +0000

Hi Arun – a very nice and elegant idea. I hope google, hotmail, yahoo and others implement it. It’d be trivial for them to implement it AND extremely useful for us.
/SD

By: arun kamath

arun kamath — Sun, 29 Nov 2009 17:18:28 +0000

This would be a great option. But, unfortunately most have more than one account. Many have accounts with different service providers and maintaining OTP’s will be bit cumbersome.
Unimportant mails would include newsletters, etc. You can also mark any email you receive as unimportant. Also, you can filter incoming mails from friends who send email forwards, etc. Of course, the obvious problem is that what if that friend sends important email. However, usually most people have different email accounts for sending and receiving important emails and for leisure purposes like sending forwards.
Also, many people suffer from G.A.S.S – Google AdSense Stats Syndrome ie. checking one’s stats every few minutes. As I have mentioned in the blogpost above semi-login will help these people in safely viewing their stats.

By: João Sena Ribeiro

João Sena Ribeiro — Sun, 29 Nov 2009 13:20:31 +0000

I think you’re seeing the problem the wrong way. What would determine what mails would be unimportant.

A much better approach would be the implementation of a simple variant of One-Time-Passwords (OTP, http://en.wikipedia.org/wiki/One-time_password) by Google. You’d generate and print out a list of passwords (one-time-passwords) that you’d carry around with you.

When you need to access, for instance, Gmail from an insecure location, you’d select OTP mode and use the first password on the list. You’d do your stuff, then logout. That password is not valid anymore, the next time you’d use the second password on the list, and so on until you’d run out of passwords (requiring you to generate a new OTP list).

This would render any keylogger useless.

Regards,
João.