h a l f b a k e r y
Crust or bust.
add, search, annotate, link, view, overview, recent, by name, random
news, help, about, links, report a problem
or get an account
Passwords are a pain! Either you use a single one for all
properties (don't!), or you use a password manager that
or may not work when you are on the go.
But, passwordless login via a login link in your email inbox is
easily attainable but still not very widely deployed. This
seeks to build a service that provides passwordless login to
side even when the site itself doesn't.
The way it could work would be to provide an email address
and inbox for registration and "lost password" emails.
When I want to login to a site, I would click in "Lost
and enter my email address, e.g. olav@passwordless-
The service would intercept the email, click the link on my
behalf, enter a randomly generated password and log me in
I am sure this could be made to work at least for *some*
An open source version of the identity service now commonly provided by the likes of Google, Facebook etc. [zen_tom, Nov 20 2017]
Please log in.
If you're not logged in,
you can see what this page
looks like, but you will
not be able to add anything.
Description (displayed with the short name and URL.)
||Cybercriminals just love people like you ...
||There is a third way that seems to be becoming more popular as time goes by, which is to decouple the identity authentication part of the process to a third party who will confirm you are who you say you are, and then send an encoded, temporary key on your behalf. This is what happens when you see something like "Log on with your Google Account!" or other similarly friendly sounding suggestion. Doesn't work with websites who've decided not to join in though, which is a shame, as that'd be the interesting next step. So, rather than the actual details of the implementation in the idea, I'm [+]ing for the idea of having a service that manages your logins without any participation from the websites to which one is attempting to log.
||Wouldn't this let anybody log in as you? Or would
passwordless-shim.com authenticate you?
||Presumably this could be made secure if your "secure" email address was password-like, so instead of [olav] entering email@example.com they could enter (for example) correct-horse-battery-staple@ passwordless- shim.com
||Still not properly secure as noticed by [8th] <minute's silence> but for low-risk logons could be doable.
||But EVERYBODY uses correct-horse-battery-staple these days.
It's a more common password now than SWORDFISH.