Related link: http://www.hostbaby.com/

The thinking-out-loud question of the day: user-passwords versus domain-account-passwords.

Re-organizing the database for HostBaby web hosting.
Until now the client-to-domain relationship was one-to-one. (Very silly, wrong and lazy, of course. People with multiple domains on HostBaby had to just go sign up all over again.)
I’ve got that fixed so each person now has a single “client” account, with multiple domains inside.

The question is — do we assign them a client-level username + password, or just let them log in with any one of their domain-level usernames + passwords?
(Because each domain name *does* need its own username + password anyway.)

CLIENT-LEVEL USER+PASS:
(on top of each domain also having its own user+pass)
Upside:
* one single username + password to remember to access their account
* could log in to their account, even before their domain-account is ready
* could match the way our domain registrar company is set up: one username + password controls many domains. we could keep these synced.
* not EVERY domain account needs a username + password: aliases and redirects don’t. Only website accounts need it.
* this is how other companies seem to do it (Network Solutions, GoDaddy, etc.)

Downside:
* more to remember!
* I’d have to let them log in with their domain’s username + password anyway, since that’s the one they know the best
* most of our clients have only one domain. requiring two different usernames + passwords just to administer that one domain is silly
* more customer service complaints: more explaining

DOMAIN-LEVEL USER+PASS ONLY:
Upside:
* easier for them to remember: if they know any of their username + passwords, they’re in
* people with one domain only have one user+pass to remember
* no duplication
* this is how they’d try to log in, anyway (and the way it’s been for years)

Downside:
* we generate that domain-level username+password for them when creating their account, so there’s a downtime after they sign up where they have to wait to hear from us before they can log in to their account
* security risk? people with multiple domains have a greater chance that someone could guess their info?
* doesn’t match how our registrar works: we’ll have to choose their *first* username+password to be the master one at the registrar, and make sure they use that to connect to their account there, even when they add new domain names with new username+password combinations

I think it’s about 50/50. I’m going to try the domain-level only, and see how it goes.
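
A sketch of the domain-level-only login, added here as an example (it is not HostBaby's code): any domain's username + password resolves to the owning client, and failed guesses are counted per client, so owning several domains does not multiply the guess budget raised in the "security risk?" item. The table layout, the lockout threshold and the PBKDF2 parameters are assumptions.

```python
import hashlib, hmac, os, sqlite3

MAX_FAILURES = 5  # assumed lockout threshold, counted per client

SCHEMA = """
CREATE TABLE clients (id INTEGER PRIMARY KEY, failures INTEGER NOT NULL DEFAULT 0);
CREATE TABLE domains (
    name TEXT PRIMARY KEY,
    client_id INTEGER NOT NULL REFERENCES clients(id),
    username TEXT UNIQUE,   -- NULL for aliases and redirects (no login)
    salt BLOB, pw_hash BLOB
);
"""

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def add_domain(db, client_id, name, username=None, password=None):
    salt = os.urandom(16) if username else None
    pw = _hash(password, salt) if username else None
    db.execute("INSERT INTO domains VALUES (?,?,?,?,?)", (name, client_id, username, salt, pw))

def login(db, username, password):
    """Return the client id if any domain-level credential matches, else None."""
    row = db.execute(
        "SELECT d.client_id, d.salt, d.pw_hash, c.failures FROM domains d "
        "JOIN clients c ON c.id = d.client_id WHERE d.username = ?",
        (username,)).fetchone()
    if row is None:
        _hash(password, b"\0" * 16)  # spend similar time on unknown usernames
        return None
    client_id, salt, pw_hash, failures = row
    if failures >= MAX_FAILURES:
        return None  # locked: the counter is shared by all of this client's domains
    if hmac.compare_digest(_hash(password, salt), pw_hash):
        db.execute("UPDATE clients SET failures = 0 WHERE id = ?", (client_id,))
        return client_id
    db.execute("UPDATE clients SET failures = failures + 1 WHERE id = ?", (client_id,))
    return None

def demo():
    # Constructed sample data: one client, two website domains, one alias.
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO clients (id) VALUES (1)")
    add_domain(db, 1, "band.example", "band", "pw-one")
    add_domain(db, 1, "label.example", "label", "pw-two")
    add_domain(db, 1, "alias.example")
    return db
```

Resetting a locked client (by timer or by support) is left out of the sketch.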

Anyone else gone through this kind of decision before?