Fog Creek Software
Discussion Board

From the why-can't-they-all-do-it Dept.

I was just registering for some online (free) content, and came across something I've never seen before. Maybe it's not that new (I rarely sign up for these things), but I think it's the cat's meow.

You know when you have to enter a username, but you have to go through a few before you find one that isn't taken? Worse, you have to go back to edit your preference, but then your password fields have been cleared, and often everything else as well.

These guys let you check it from the same page. Username already taken? Change it, test again, and go on your merry way.

(It's the orange box 3/4 of the way down)

Simple thing, but what a difference.

Wednesday, March 24, 2004

It's a really good idea.
Unfortunately it's also a list builder.
Imagine misapplications like creating new email addresses, a hacker just has to hit this thing (the asp script behind this button) forever doing a dictionary attack and it will determine every valid email address for the site membership and build a spam list from it.

Li-fan Chen
Wednesday, March 24, 2004

Of course you can use captchas once in a while to prevent bots.

Li-fan Chen
Wednesday, March 24, 2004
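
The throttling idea from the two posts above, as an added example (not from the thread or from the site being discussed): a per-client guard that answers a few availability checks freely, then asks for a CAPTCHA, then refuses. The class, function names and thresholds are hypothetical, and client_id is assumed to be whatever the site uses to tell clients apart.

```python
import time
from collections import defaultdict, deque


class AvailabilityGuard:
    """Throttle for an 'is this username taken?' endpoint (hypothetical design).

    Each client gets a few free checks per window; beyond that the endpoint
    demands a solved CAPTCHA, and beyond a hard cap it refuses outright.
    """

    def __init__(self, free_checks=3, hard_cap=10, window_s=600, clock=time.monotonic):
        self.free_checks = free_checks
        self.hard_cap = hard_cap
        self.window_s = window_s
        self.clock = clock
        self._hits = defaultdict(deque)  # client id -> timestamps of answered checks

    def decide(self, client_id, captcha_ok=False):
        now = self.clock()
        hits = self._hits[client_id]
        while hits and now - hits[0] >= self.window_s:
            hits.popleft()  # drop checks that aged out of the window
        if len(hits) >= self.hard_cap:
            return "blocked"  # refused even with a CAPTCHA until the window clears
        if len(hits) >= self.free_checks and not captcha_ok:
            return "captcha"  # no answer until a challenge is solved
        hits.append(now)
        return "answer"


def check_username(guard, taken, client_id, name, captcha_ok=False):
    """Return (decision, available); available is None unless the check was answered."""
    decision = guard.decide(client_id, captcha_ok)
    if decision != "answer":
        return decision, None
    return decision, name.lower() not in taken


def answers_leaked(guard, taken, client_id, candidates):
    """How many candidates get answered for a client that never solves a CAPTCHA."""
    return sum(check_username(guard, taken, client_id, c)[0] == "answer" for c in candidates)
```

With the defaults, a scripted client that never solves a challenge learns the status of three names per ten minutes instead of the whole membership list, while a person trying a handful of usernames never notices the guard.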

Good point Li-fan.  Here's one of those classic tradeoffs between usability and security.  The security person is shaking his or her (man I hate English), but the PM already has it on the must have list...

christopher baus
Thursday, March 25, 2004

Li-fan Chen, that also explains why the anti-spam initiative from Bill Gates will ultimately fail. The cryptographic challenges will be solved by someone else.

Karel Thönissen
Thursday, March 25, 2004
