Half a croissant, on a plate, with a sign in front of it saying '50c'
h a l f b a k e r y
If ever there was a time we needed a bowlologist, it's now.

idea: add, search, annotate, link, view, overview, recent, by name, random

meta: news, help, about, links, report a problem

account: browse anonymously, or get an account and write.

user:
pass:
register,


           

passwordless-login

Provide passwordless login to a website even if the site doesn't
  (+1)
(+1)
  [vote for,
against]

Passwords are a pain! Either you use a single one for all your properties (don't!), or you use a password manager that may or may not work when you are on the go.

But, passwordless login via a login link in your email inbox is easily attainable but still not very widely deployed. This idea seeks to build a service that provides passwordless login to a side even when the site itself doesn't.

The way it could work would be to provide an email address and inbox for registration and "lost password" emails.

When I want to login to a site, I would click in "Lost password" and enter my email address, e.g. olav@passwordless- shim.com

The service would intercept the email, click the link on my behalf, enter a randomly generated password and log me in with it.

I am sure this could be made to work at least for *some* sites.

olav, Nov 20 2017

OpenID http://openid.net/what-is-openid/
An open source version of the identity service now commonly provided by the likes of Google, Facebook etc. [zen_tom, Nov 20 2017]

[link]






       Cybercriminals just love people like you ...
8th of 7, Nov 20 2017
  

       There is a third way that seems to be becoming more popular as time goes by, which is to decouple the identity authentication part of the process to a third party who will confirm you are who you say you are, and then send an encoded, temporary key on your behalf. This is what happens when you see something like "Log on with your Google Account!" or other similarly friendly sounding suggestion. Doesn't work with websites who've decided not to join in though, which is a shame, as that'd be the interesting next step. So, rather than the actual details of the implementation in the idea, I'm [+]ing for the idea of having a service that manages your logins without any participation from the websites to which one is attempting to log.
zen_tom, Nov 20 2017
  

       Wouldn't this let anybody log in as you? Or would passwordless-shim.com authenticate you?
notexactly, Feb 11 2018
  

       Presumably this could be made secure if your "secure" email address was password-like, so instead of [olav] entering olav@passwordless-shim.com they could enter (for example) correct-horse-battery-staple@ passwordless- shim.com   

       Still not properly secure as noticed by [8th] <minute's silence> but for low-risk logons could be doable.
pocmloc, Jun 16 2021
  
      
[annotate]
  


 

back: main index

business  computer  culture  fashion  food  halfbakery  home  other  product  public  science  sport  vehicle