IMHO, Flickr/Yahoo has one of the best user-authentication systems I’ve ever seen. I’m sure it’s no accident that Twitter (eventually) moved to a system that is extremely similar.
(NB: I don’t know if flickr copied if from someone else, but they were the first I remember seeing like this, many years ago)
You want sensitivity in your security? Yeah!
It’s so sensitive that it’s currently blocking FlickrEdit’s (bad, broken, buggy) implementation. Not just with an error; not even with a warning … but with giant red letters, a yellow background, and a warning icon:
I was pretty annoyed that the app was seemingly so poorly written it wasn’t doing the desktop-based auth that it should be – and that it popped-open a web browser and “told” me to login (Flickr’s auth-system is slightly more seamless than that, and a much better user-experience).
But I was very impressed that Flickr noticed it too, and decided to warn me that this might be a scam of some kind…
Leaving just one question…
…is this open-source project buggy, or has someone hacked the source and put in a virus? Hmm…
Well. I’ve contacted the project owners, and informed them. Interesting to see what they say.
In the meantime, I have so much faith in Flickr’s authentication system (e.g. I know that it doesn’t share passwords) that I’m happy to go ahead and use the application. There are very few systems where I’d do this, but flickr’s (approach) is one of them.