Password Protection Option

[charmian]

Title:
Password Protection Option

Area:
Security

Summary:
A new level of security, password protection, could be created. It would be similar to the <a href="http://en.wordpress.com/features/password-protected-posts/">Wordpress feature,</a> where viewers must enter a password in order to see a post.

Description:
Sometimes, users might want someone who doesn't have a Dreamwidth account to see a post. This person might have a low level of internet know-how, or not want to go through the trouble of using openID to simply see one post. (Or, it could be a group of persons, meaning that it might be inconvenient to add them all)

Or, if this person has a Dreamwidth or openID account, the user might not want to grant them access because it would mean that they could see all of the user's access-locked posts on the Default Access List level of security.

In terms of feeds or crossposts, the post would be replaced with a link to the Dreamwidth entry (since LJ doesn't allow for passwording). Comments would also not be visible.

In terms of the posting interface, I think it could be placed under security options after Custom Filters. If selected, there would appear a box where the poster could type in the password. Password-protected posts would be public (I'm not sure there is much use in them being Access-locked).

Poll #1498 Password Protection Option

Open to: Registered Users, detailed results viewable to: All, participants: 41

View Respondents

This suggestion:

View Answers

Should be implemented as-is.
11 (26.8%)

Should be implemented with changes. (please comment)
6 (14.6%)

Shouldn't be implemented.
12 (29.3%)

(I have no opinion)
12 (29.3%)

(Other: please comment)
0 (0.0%)

Comments

[zvi]

If we do this, the level of security should not be public. (The whole point of having locked entries is that people who can't see them don't see evidence that they're there.)

Also, I would want to be able to set the password either per-entry or per tag, so that giving someone access to one password-protected entry wouldn't open up any other password-protected entries to them.

[cheyinka]

They'd have to be public in order for this to work as "access-lock for people I don't want to see my default access entries" or "access-lock for people who I don't want to be visible on my profile" or "access-lock for people who can't set up a Dreamwidth", though.

(I am not advocating this suggestion be implemented, just pointing that out.)

[charmian]

But then, how can the people find the screen to input the password? I'm suggesting that this work like the Wordpress feature, where you can see (anyone can see) that a post is locked. For some people, the point of having locked entries may be that "people who can't see them don't see evidence that they're there," but for others, it may be "people who are not supposed to have access to this information can't see it, although they know it is there."

Agreed, it should be settable on a per-post basis. On WP, the way it works is that if it's the same password, if you enter it once you can see all posts that use the same password, but if it's a different password, you can't see them.

[zvi]

Maybe we're talking about two different things when we're talking about the entry being public or not. My idea is that you wouldn't be able to discover this password-protected entry: it wouldn't post to anyone's reading list, it wouldn't show up on the calendar, it wouldn't be in the flow of entries if you're going backward or forward through entries. (Only the reading list hiding should apply to the owner of the entry.)

If someone wanted you to read the entry, you would have to get a direct url, and then the entry would request the user name and password.

If possible (and this might be a gigantic database of info that is just not worth keeping, but it would be really cool) if a logged in user opened an entry with a password, they should be able to go back to the entry while logged in without re-entering a password, through multiple sessions, at least until the entry is changed in some way (ideally, until the password is changed, but it might be easier/cheaper to just watch for any change.)

[charmian]

Yeah, I think we are. In WP, it's discoverable like that. However, the kind of non-discoverability you're talking about might also be a good idea.

Although, why would there need to be a username? What I'm thinking is of just a password, without the username (as the password is not person-specific, but could be mailed to several people)

[zvi]

not a username. I typed it w/o thinking, because it's astock phrase in my head.

[matgb]

Disagree with this--sure, it could be an option to hide it that much, but I'd want such entries to appear in my RSS marked as "password protected" (I'd also like some way of pinging RSS readers and aggregators that don't use auth=digest as well) as that's where a fair few readers come from.

There's no point, to me, in having an easier way to have non-site users get to an entry then make it impossible for them to find it. This would be especially true of some older family members who might just possibly remember to check a URL, etc.

[kyrielle]

Allow the user to specify whether it's public-with-password or private-with-password (anyone can see it exists or no one can see it exists, but either way a person linked directly to the post may input the password and see it), on a per-post basis. Specify the password on a per-post basis also. This way, people who want the Wordpress-like feature can have it, but also someone can choose to make a post and then email the links to people.

Really, REALLY sweet: allow to specify an access list plus password, and set existence-of-post public or private. People on the access list can see the post normally; those not on it can either see it exists or not based on that setting; those not on the list, given a link to the post (either because they see it exists or a direct link is sent) can give the password and see the post. This would allow you to invite into your access-list-locked discussion people who might otherwise not see it.

Allow a password to be added to an access list. I have an access list called "Mommy" for my, well, mommying posts. Let me add a password to it as if it were an account, and anyone who supplies that password can see any post with that security. That would be cool. That may be too complex to do, though, but it would be cool.

[distractionary]

+1

[elena]

That would be a great way to implement this feature.

[kyrielle]

One more thought - if the posts are not public-visible/discoverable, it'd be nice if putting the password in at the journal level revealed all the posts with that password (which means supplying some way, perhaps via a link or button, to put in the password). No need to remember 2+ passwords per reader per journal, IMO, but the most recent one would be nice.

[matgb]

I would actually really like this option--a lot of my readers (and even more of miss_s_b's) are non LJ/DW users unfamiliar with OpenID or LJ tricks.

We would both definitely want the entry to appear in the RSS feed, for example, as a lot of our readers come to us from an aggregator. How often it'd be used I don't know, but it could definitely be very useful.