Friday, August 05, 2005

Design Patterns

Design Patterns recently won an ACM award for its contribution to the field of programming languages. I guess this is an apt time for me to mention a recent epiphany I had (I seem to be having a lot of epiphanies lately. Note to self: go easy on the bhang).

Why do we ask for a user name *and* a password to authenticate a user? Can't we just accept a single unique token? The token can be mapped to a user behind the scenes. It can be made unique by generating it using user-specific information (e.g. 'What is your pet's mother's maiden name?'). Then it occurred to me: separation of the user name and the password provides an additional layer of abstraction; the user can change his password independently of his ID. Also, passwords need not be unique; only the combination of user name and password has to be unique. This provides for more flexibility,

*removes tongue from cheek*
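
The trade-off described above, as an added Python sketch that is not part of the original post: a store keyed by user name lets passwords repeat, be salted per user and be changed without touching the ID, while a single-token store has to enforce uniqueness and so reveals when a token is already in use. The class names `PairStore` and `TokenStore`, the helper `stored_hashes_differ` and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

class PairStore:
    """User name is the lookup key; the password is a per-user salted secret."""
    def __init__(self):
        self._users = {}  # user name -> (salt, password hash)

    @staticmethod
    def _hash(password, salt):
        # Iteration count is an illustrative value, not a recommendation.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, user, password):
        # Enrolment and password change are one operation; the ID never moves.
        salt = os.urandom(16)
        self._users[user] = (salt, self._hash(password, salt))

    def verify(self, user, password):
        record = self._users.get(user)
        if record is None:
            return False
        salt, stored = record
        return hmac.compare_digest(stored, self._hash(password, salt))

class TokenStore:
    """Single-token design: the secret doubles as the lookup key."""
    def __init__(self):
        # Unsalted digest -> user: no per-user salt is possible before the user is known.
        self._tokens = {}

    def enroll(self, user, token):
        key = hashlib.sha256(token.encode()).hexdigest()
        if key in self._tokens:
            # Uniqueness is mandatory, so a rejection tells the caller that
            # this exact token already authenticates someone else.
            return False
        self._tokens[key] = user
        return True

    def lookup(self, token):
        return self._tokens.get(hashlib.sha256(token.encode()).hexdigest())

def stored_hashes_differ(store, user_a, user_b):
    # Same password, different salts: the stored records do not match.
    return store._users[user_a][1] != store._users[user_b][1]
```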