I'm trying to learn about user interactive web-design, from a security perspective.
Not just the obvious things like password length and complexity, but for example...
- different methods for setting up online user accounts for existing clients or customers
- types of username format (e.g., e-mail address or site-generated ID)
- various password reset mechanisms
Different web-sites may have different ways of performing these functions, dependent on whether security or convenience is upmost.
Are there any resources or best practices available, which outline the common scenarios and solutions?
Thanks for reading...