We at WhoAPI are almost done with the MVP version of the service. The API works but the website with client administration is still due.
I was thinking about creating something completely new for users to log in to the service. A passwordless login!
Let me explain:
Facebook & Google use dual authorization for maximum security (opt-in feature). For example, you open the facebook on your new computer, click log in and wait for the SMS with temporary password to arrive, you enter the pwd and you’re in for good on that particular computer/browser.
What if all websites work like this but only with the temporary password for one time log in. So imagine, you come to our service like whoapi.com, you enter the email and click the log in button; password comes to your email/sms (depends how you setup your account), you enter the password and voila, it works, without a password to remember. Every time you come back, session stays alive. If you’re on a computer you don’t own, just Log out and the authorization for that computer/browser gets deleted.
Why do we trouble our self with remembering long, strange passwords we are forced to create? For example, password must include: at least one big letter, at least one number and be 8 to X characters long. Come on, that sucks! I developed a technique of my own to have different passwords on all the websites but in a way to remember it easily. That’s good but that one more website that forces me to enter a non-alphanumeric sign changes everything, again! I know, you can use Roboform, 1Password or similar tools, but I don’t want to use any tools on any device!
Breakthrough for security when passwords leak! I was just reading how EA Origin Accounts got Hacked, and they now advice all the users to change their passwords. This is bad! If they had a system like this one, they (EA in this example) would just deauthorize all computers without bothering their users about it.
As the subject says, what do you think about logging in to websites without a password at all?
P.S. password can be an optional “thing” :)