I was discussing with some friends a few days ago about the need for users to register on blogs to leave comments. Myself, if I don’t see at least an option to use OpenID (which in my case goes to StartSSL) I tend not to comment at all, pretty happy with choosing Disqus with Facebook or Twitter login over custom registration forms (but as you notice, this blog has no registration at all).
So why do I take this stance? Well, it should be obvious but seems like not everybody guesses it properly. The reason is that the moment when you make users register to your blog, you should feel responsible for their safety and security. The moment when you make them choose a password, it’s more than likely that the majority of them is going to choose a “usual” password. And that can be a very nice prize for a group of cybercriminals looking into getting access to Amazon or Google accounts.
If you don’t believe that online account credentials are actually worth something, you might want to read this article by Brian Krebs which explains which uses bad people have for your email account.
Now, it’s true that if you attack one single big fish such as LinkedIn, or more recently Ubuntu Forums or Apple’s dev site, but those are hard to crack for the most part, which means that they are out of the league for the most crooks out there. On the other hand, especially thanks to people abusing plugins badly, WordPress installs can be cracked in just a few minutes each, and while each is unlikely to bring more than a handful of passwords, actively scanning for vulnerable WordPress instances is very common. I’m happy that the one WordPress I manage is behind ModSecurity, GrSec, and PHP running in FPM as its own unprivileged user.
So please, please, please: try your best not to make people register on your website with a password. It’s not safe, not for you and not for your users. For them because if you get cracked, their safety is at risk. For you because you become a very yummy target for crooks.