I have a website that requires users to register to post content to the site (news, articles, messages, etc). If I were to use OpenId instead of my own registration/login system, would that help keep spam bots away?
views:
55answers:
3
+1
A:
It depends on the quality of your home grown registration system vs. the quality of ANY openid provider you allow.
In other words: if your user registration requires email verification & captcha, but if some of the openid providers dont; the answer is no. Meaning, if your registration system uses all the typical spam bot protection of email, captcha, javascript checks, etc, you are better off just using your own as far as thwarting spam bots goes.
That said, most of the openid providers are pretty good at user verification (from my experience).
In considering using openid, the motivation should be more towards making it easier for users to enroll and use your system, and less towards spam bot protection.
Joelio
2010-08-19 13:22:29
I think you're missing something, here: if he supports "OpenID login", as in, is an OpenID consumer, then a spambot can use a spambot-specific OpenID provider. The question would be "is ANY OpenID provider weaker than my homegrown registration system"? But, regardless, it doesn't matter - because OpenID does not preclude having a site-specific account creation page.
Borealid
2010-08-20 04:07:16
Yes, I didnt make that very clear, yes, its "Any" provider. On the 2nd point the way the question was framed was one or other, yes you can use both.
Joelio
2010-08-20 21:10:11
A:
Support for OpenID and the like never hurts, and you definitely should implement that at some point. However, if it's about bots, a good CAPTCHA on registration and login would also do just fine.
egasimus
2010-08-19 13:22:34
+1
A:
Probably, at the moment. But if it catches on you can be sure the spambots will be updated and it will make no difference, or even be easier for them as they can use their own login authenticator then
John Burton
2010-08-20 21:18:06