Login-Password

Do you really need that on a mobile application?

It’s high time application developers started to see mobiles and computers as two fundamentally different devices.

Computers in their early days were often a shared property among a group of academicians, students, etc. Things have changed over time. You have a computer available for yourself wherever you go: there is an office machine, lab machine, home machine and so on. Throughout this time, users have never had a one-to-one relationship with a computer. Hence, a user authentication system based on a login/password on each use makes a lot of sense.

On the other hand, mobile phones right from their introduction have been a personal asset. Mobile phones are full of personal information, all kept open. People don’t share their mobiles with each other. Keeping all this in mind, and looking at the mobile device in isolation, does it look sensible to ask me for a login whenever I use an application on my mobile?

I am not proposing any solution here (as there are many); I am just trying to identify the problem.

- If there are things that you hate to see on your mobile phone, do leave a comment about them.

6 Responses to “Login-Password”

  1. Vikas Says:

    hmm…..I always thought supporting multiple ways of authentication should be the way to go. Maybe my operator doesn’t provide info about my connection through GPRS, the pages should still be able to work out.

    What might be interesting is to have a common library that supports multiple kinds of authentication and leaves fewer headaches for the end-developer.

    PAM (http://en.wikipedia.org/wiki/Pluggable_Authentication_Modules) is pretty interesting in that regard.

  2. Mayank Says:

    Nope, you did not get me right. I am not concerned about any headache to the end developer. I am only looking at it from a users’ endpoint.
    I am again not worried how your already existing web pages will work out. I am not even saying web pages.
    I am only talking from an experience design point of view. As a user I couldn’t care less about how you serve me content. I want to get it as simple as possible.

  3. Vishal Says:

    I agree with you, it’s something twinkle already does for you on iPhone. Would be helpful to have a consistent authentication mechanism on phone devices. Although you would also need the ability to disable your phone remotely, in case you lose it.

  4. Vikas Says:

    @mayank: I totally agree that the end-user shouldn’t have to be worried about authentication….or rather he has means to say that try my global authentication credentials before bothering me.

    But it’s got to be a standard, a way that both the client and server (anything….mail, website, whatever) agree to. Something like what the SSH handshake does. Both sides disclose what all they support (under the hood) and things reach the end user only if other means don’t work out.
    PAM was just a similar example.

  5. Mayank Says:

    Yes, now we are getting on the same wave.

    So most of these (web?) apps maintain their records against a username. They give access to info to anyone who can give a pre-decided password as per the username.

    How about something as simple as this. These mobile web apps use the mobile IMEI as the username, and don’t bother about a password. In addition, they provide an option in ‘Settings’ to also create a human readable username et al. to access the service via your PC.

    Don’t jump on to the security concerns as yet. :)

  6. Vikas Says:

    …what I was saying was some kind of HTTP standard (say we are just talking of web-apps) which negotiates in headers the kind of authentications possible. Revert to username/password if none other is possible.

    In fact these things happen already. In my last company most of the internal web-apps negotiated with the host using NTLM. So, if one was logged in (on the client PC) using a domain-user acceptable to the server, the user is automatically logged in.

    I think username/password should be obsolete even for the PCs.
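
The header negotiation discussed in comments 4 and 6, with a password as the last resort, sketched as an added example that is not part of the original post or its comments. It parses the standard `WWW-Authenticate` challenge header; the preference order, the function names, the sample header values and the rule of refusing Basic without TLS are assumptions of this example.

```python
import re

# Client preference, most preferred first (this ordering is the example's assumption).
PREFERENCE = ["negotiate", "ntlm", "digest", "basic"]
# Schemes that hand the reusable password itself to the server.
PASSWORD_SCHEMES = {"basic"}

# Constructed sample: three WWW-Authenticate header lines from one 401 response.
SAMPLE = ["Negotiate", "NTLM", 'Basic realm="corp, intranet", charset="UTF-8"']

_PARAM = re.compile(r"^[\w!#$%&'*+.^|~-]+\s*=")       # piece looks like key=value
_SPLIT = re.compile(r',(?=(?:[^"]*"[^"]*")*[^"]*$)')  # commas outside quoted strings


def parse_challenges(header_values):
    """Return [(scheme, raw_params)] from one or more WWW-Authenticate values.

    Simplification: escaped quotes inside quoted strings are not handled.
    """
    challenges = []
    for value in header_values:
        for piece in (p.strip() for p in _SPLIT.split(value)):
            if not piece:
                continue
            if _PARAM.match(piece) and challenges:
                # key=value with no scheme in front: belongs to the previous challenge
                scheme, params = challenges[-1]
                challenges[-1] = (scheme, (params + ", " + piece).strip(", "))
            else:
                scheme, _, rest = piece.partition(" ")
                challenges.append((scheme.lower(), rest.strip()))
    return challenges


def choose_scheme(header_values, supported, over_tls):
    """Pick the most preferred scheme both sides support, or None if there is none."""
    offered = {scheme for scheme, _ in parse_challenges(header_values)}
    for scheme in PREFERENCE:
        if scheme not in offered or scheme not in supported:
            continue
        if scheme in PASSWORD_SCHEMES and not over_tls:
            continue  # Basic is only base64: do not send it over cleartext HTTP
        return scheme
    return None


if __name__ == "__main__":
    print(parse_challenges(SAMPLE))
    print(choose_scheme(SAMPLE, {"ntlm", "basic"}, over_tls=True))
```

The challenge list arrives before any authentication has happened, so on a cleartext connection an intermediary can strip the stronger schemes and leave only Basic; the TLS check in `choose_scheme` is what keeps that from turning into a password disclosure.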
