Want to know the best way to avoid all the concerns regarding passwords? Not to use them at all. That's what Medium has just did, replacing passwords with temporary urls sent to your email.
Using temporary, single use, links for login isn't particularly new, though not many high profile service use them - something we hope will change in the future, more so now that Medium is also ditching passwords.
The process is simple. When you want to login you need only to enter your email address, and you receive a url address you can click in order to login. This address is valid for only one use and also expires after 15 minutes. If you're worried about receiving an authentication url via email, suffice to say that you'd also be able to do a reset password procedure and receive a similar link on your email - though you'd need to enter a new password (which is kind of redundant, as this method shows).
This way, you can finally stop worrying about passwords, and even if hacked, services have no passwords or hashes for hackers to acquire. The only exception is the email service you use to receive the passwords on. For that you better use a secure password and 2-factor authentication for added protection.
No comments:
Post a Comment