9.3 User Registration Process

First problem: what do you do if your mind goes blank when you see "user registration"? Pick up your phone, log out of QQ or WeChat, and tap "Register" :)
Of course, WeChat registration now has many restrictions and is cumbersome, so it is not a typical registration process. Here I mainly want to talk about the more conventional ways of registering.

I divide registration into username registration, mobile phone number registration, email registration, third-party registration, and other registration methods. They are not mutually exclusive: a platform typically offers one or more of them, and the process differs slightly for each.

User Name Registration

This is arguably the simplest way to register: the user 1. fills in a custom username in the form, 2. enters the password twice, 3. enters the verification code and submits, and registration is done.

Very few domestic websites still register users this way; only small sites use it, to lower the cost of registering and increase user confidence.
With username registration, you only need to ensure that the custom username is unique.

Mobile Phone Number Registration

A fairly common way to register. The process is as follows:
1. Enter the phone number and the verification code
2. Click to get the phone verification code
3. Receive the code on the phone and fill in the SMS verification code
4. Submit; registration succeeds

Mobile phone number registration has variants: the verification code may arrive by text message, or it may be delivered by answering a phone call.
In addition, if the site serves multiple countries, phone numbers are handled with an international area code, such as +86 for China, and different countries and regions have different SMS service providers.
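
An added example, not code from the original post, of the server side of steps 1 to 4: an SMS code is issued only after the on-page verification code passes, is stored hashed with an expiry, and allows a limited number of guesses. The time limits, attempt cap and in-memory store are assumptions; sending through an SMS provider is left out.

```python
import hashlib
import hmac
import secrets

CODE_TTL = 300      # assumption: an SMS code is valid for 5 minutes
MAX_ATTEMPTS = 5    # assumption: wrong guesses allowed per issued code
RESEND_WAIT = 60    # assumption: minimum seconds between SMS to one number
pending = {}        # phone -> issued-code record (stand-in for a real store)

def _digest(code, salt):
    return hashlib.sha256(salt + code.encode()).digest()

def request_sms_code(phone, captcha_ok, now):
    """Steps 1-2: issue a code only if the on-page verification code passed."""
    if not captcha_ok:
        return None, "captcha-required"
    last = pending.get(phone)
    if last and now - last["sent"] < RESEND_WAIT:
        return None, "too-soon"
    code = f"{secrets.randbelow(10**6):06d}"   # 6 digits from a CSPRNG
    salt = secrets.token_bytes(16)
    pending[phone] = {"digest": _digest(code, salt), "salt": salt,
                      "expires": now + CODE_TTL, "attempts": 0, "sent": now}
    # The code is handed to the SMS provider, never returned in the HTTP response.
    return code, "sent"

def submit_registration(phone, code, now):
    """Steps 3-4: check the SMS code and register only on a match."""
    entry = pending.get(phone)
    if entry is None or now > entry["expires"]:
        pending.pop(phone, None)
        return "no-valid-code"
    if entry["attempts"] >= MAX_ATTEMPTS:
        return "locked"                        # a new code must be requested
    entry["attempts"] += 1
    if not hmac.compare_digest(entry["digest"], _digest(code, entry["salt"])):
        return "wrong-code"
    del pending[phone]                         # each code works once
    return "registered"
```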

Email Registration

A fairly common way to register. The process is as follows:
1. Enter email, password and verification code, and submit the registration
2. Go to the mailbox, open the message, and click the link to activate the user

Email registration flows differ at one point. On some sites, simply clicking the link in the mail jumps straight to an "activation successful" page; in fact the URL carries user-related parameters and calls the user activation interface, and after the interface returns successfully the browser jumps to the activation success page.
Other sites send a verification code by mail: after submitting the registration the user is taken to an activation page and must enter the code from the mailbox there. If the user accidentally closes the activation page, the site prompts them in some way on the next login to go back to the activation page and complete the activation process.
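
An added example (not code from the original post or from any site it mentions) of the activation interface described above: the mailed link carries the user id and an expiry as URL parameters plus an HMAC over both, so the interface can reject edited, expired or replayed links. The secret, link lifetime, URL and sample account are assumptions constructed for the illustration.

```python
import base64
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent out
TTL = 24 * 3600                   # assumption: links expire after 24 hours
users = {"u1001": {"email": "alice@example.com", "active": False}}  # constructed

def _sign(payload):
    mac = hmac.new(SECRET, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")

def make_activation_link(user_id, now=None):
    """Build the link mailed to the user: user id, expiry, and a MAC over both."""
    expires = int((time.time() if now is None else now) + TTL)
    sig = _sign(f"{user_id}|{expires}")
    return f"https://site.example/activate?uid={user_id}&exp={expires}&sig={sig}"

def activate(uid, exp, sig, now=None):
    """The activation interface the link calls; returns which page to show."""
    now = time.time() if now is None else now
    if not (exp.isascii() and exp.isdigit()):
        return "invalid"
    expected = _sign(f"{uid}|{exp}")
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return "invalid"          # uid or exp was edited, or sig was forged
    if int(exp) < now:
        return "expired"
    user = users.get(uid)
    if user is None:
        return "invalid"
    if user["active"]:
        return "already-active"   # a replayed link changes nothing
    user["active"] = True
    return "activated"
```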

Third-Party Registration

This is now a very popular way to register, because it is very simple.
Recall opening Tencent Video on a computer or phone: we only need to click the currently logged-in QQ account to log in immediately, with nothing to fill in. Isn't that convenient?
Even products that are not from Tencent sometimes offer "QQ login" or "WeChat login". How is this done?
Large social platforms such as QQ, WeChat, Facebook, Twitter and Instagram provide development interfaces (APIs) to developers at other companies, for example the QQ API list.
The third-party registration process is:
1. The website asks the user to authorize QQ / WeChat login
2. The user allows the site to access their QQ / WeChat personal information
   A QQ / WeChat authorization page pops up here, detailing what the user will allow the site to obtain. A normal registration process obtains basic information such as user id, user name and avatar.
   But some malicious websites steal users' private information and then sell it, so be sure to read the entries on the authorization page before authorizing.
3. The website obtains the user's QQ / WeChat information and stores it in the site database, completing the registration process
For this part, the article "A Simple Explanation of OAuth 2.0" explains it very clearly.
Of course, some sites still ask the user to fill in a phone number or email, or to reset the user name, after third-party login completes.

Other Registration Methods

Some registrations require special verification, for example:
1. O2O sites, where users need to register their company's information
2. Part-time job sites, where users need to describe their skills in detail and upload related work
When becoming "a valid user" requires filling in more, the registration process is generally more complicated.
Products generally have two options:
(1) Split the normal registration and the site-specific content into two processes: a registration process and a qualification process
The purpose is to let users "register" easily, which is a good user experience.
The disadvantage is that users who have completed registration but not qualification generally do not get most permissions, so permission management must be done properly.
(2) Combine the normal registration and the site-specific information into a single registration process
The user has to prepare and submit a lot of information in one go, which is tedious and a poor user experience.
The advantage is that users are classified only as "registered users" and "visitors"; there is no "registered but not certified" state, so the platform's access control can be simplified a lot.

Extension

1. The verification code attack-and-defense battle
CAPTCHAs are very interesting. Let us first talk about their role: "kill the robots, guarantee a human."
Think about it: if "user registration" did not require a verification code, couldn't someone skip the form and call the interface directly to register users? For the platform, that means a lot of invalid users, with no real people behind them!
So the platform has a need to use verification codes to stop robots. Where there is a defending side there is naturally an attacking side: some people need to register accounts in bulk, the most typical being paid posters on Weibo, so the two sides feud like black hats and white hats. Let me describe a few common forms of verification code.
(1) Input verification codes
Input verification codes are divided into 1. simple codes (English letters, digits, characters) and 2. codes that must be calculated (arithmetic problems).


For this class of codes, the defender often 1. widens the range of a single character, such as from digits to digits + letters, 2. distorts the displayed characters, 3. adds noise, which can be thought of as adding a background.
The attacker's usual solutions include 1. the crude way, slicing and exhaustion: collect the several forms of each single character into a "code library", cut each image into individual characters, and match them against the "code library" (only useful for simple CAPTCHAs), 2. machine learning (deep learning), 3. a CAPTCHA-solving platform.
(2) Slide to verify

The defender usually generates more "similar" gaps to make development harder for the attacking side, such as the fake notch in the lower right corner of the image above.
The attacking side usually identifies the real gap in the picture, calculates its position, and simulates the slide.
(3) Click to verify

For the principle, see the question "What is the principle behind Tencent's click-to-verify code?".
But in fact the attacking side still has ways to simulate it :)
(4) Click several specified items in a picture, as on 12306.


Back when 12306 first launched this feature, many normal users were in tears: when buying tickets, you know how hard this verification is 233333.
It is certainly not that nobody wants to break it, but it has to be said that starting from scratch is laborious and time-consuming. Of course, I believe attackers must have a solution, but I do not know it.
This kind of verification code also serves to intercept high-frequency access to a website and malicious attacks, such as crawlers.
(5) Verify by raising the threshold, such as a phone number or email
The attacking side typically builds an SMS or email "listening" feature to bypass this verification.
2. Memories of the old days: security questions
Back in the days of registering for QQ, it was more complex than it is now: you had to fill in three questions plus their answers, the "password-protection security questions".
Why was there such a requirement? Because early QQ did not have a talisman as powerful as the phone number.
In today's online world, we can say that as long as the phone number is not lost, no platform account registered with or bound to that phone number will be lost.
But in the days of "QQ number + password", once the password was stolen, appealing to get your QQ back was very troublesome. There was no fast track like "recover the account by phone number", only channels such as "appeal with help from several friends", and another was the "security question appeal". Even in this case, I remember a lot of QQ accounts being stolen or found again.
The fundamental reason is that the platform cannot tell a real user from a hacker. The security question is one way to resolve this, because the real user knows the answer and the hacker does not, so the two can be told apart.

Origin www.cnblogs.com/Lulus/p/12445633.html