Creating a webpage with user accounts, what do I need to keep in mind?

Question

I am trying to write a website that has user accounts. There isn\'t much sensitive information other than the password and email address. But I don\'t really understand what I\'

Answer 1

Use JanRain Engage (formerly rpxnow.com) for authentication. Their solution lets people use their existing credentials from Google, Yahoo, Microsoft, Facebook and others to log into your site. Many of these providers will give a valid OpenID and often a valid email address as a part of the authentication process.

If you use JanRain, you then only have to store the email address or the OpenID for a user, and you don't have to store passwords or password hashes. Furthermore, you don't have to implement any password reset functionality, or "forgot my password". Also your user registration functionality can be much smaller because you start it with a valid email address or OpenID provided by its owner.

The communication between your application and JanRain is authenticated and encrypted, so it is all nice & secure.