Half a croissant, on a plate, with a sign in front of it saying '50c'

h a l f b a k e r y

The embarrassing drunkard uncle of invention.

idea: add, search, annotate, link, view, overview, recent, by name, random

meta: news, help, about, links, report a problem

account: browse anonymously, or get an account and write.

user:

pass:
register,

...
no names
nottheonlyonlychild.com
One Online Identity
Online reputation management
passwordless-login
pedegree.com
Picasso Style Facial Re-Arrangement Photo App
Privacy: Dissociate account from other site components
Psychos-R-Us
...

computer:web: identity

passwordless-login

Provide passwordless login to a website even if the site doesn't

(+1)

[vote for,
against]

Passwords are a pain! Either you use a single one for all your properties (don't!), or you use a password manager that may or may not work when you are on the go.

But, passwordless login via a login link in your email inbox is easily attainable but still not very widely deployed. This idea seeks to build a service that provides passwordless login to a side even when the site itself doesn't.

The way it could work would be to provide an email address and inbox for registration and "lost password" emails.

When I want to login to a site, I would click in "Lost password" and enter my email address, e.g. olav@passwordless- shim.com

The service would intercept the email, click the link on my behalf, enter a randomly generated password and log me in with it.

I am sure this could be made to work at least for *some* sites.

—	olav, Nov 20 2017

OpenID http://openid.net/what-is-openid/
An open source version of the identity service now commonly provided by the likes of Google, Facebook etc. [zen_tom, Nov 20 2017]

Please log in.
If you're not logged in, you can see what this page looks like, but you will not be able to add anything.

Annotation:

Cybercriminals just love people like you ...

—	8th of 7, Nov 20 2017

There is a third way that seems to be becoming more popular as time goes by, which is to decouple the identity authentication part of the process to a third party who will confirm you are who you say you are, and then send an encoded, temporary key on your behalf. This is what happens when you see something like "Log on with your Google Account!" or other similarly friendly sounding suggestion. Doesn't work with websites who've decided not to join in though, which is a shame, as that'd be the interesting next step. So, rather than the actual details of the implementation in the idea, I'm [+]ing for the idea of having a service that manages your logins without any participation from the websites to which one is attempting to log.

—	zen_tom, Nov 20 2017

Wouldn't this let anybody log in as you? Or would passwordless-shim.com authenticate you?

—	notexactly, Feb 11 2018

Presumably this could be made secure if your "secure" email address was password-like, so instead of [olav] entering olav@passwordless-shim.com they could enter (for example) correct-horse-battery-staple@ passwordless- shim.com

Still not properly secure as noticed by [8th] <minute's silence> but for low-risk logons could be doable.

—	pocmloc, Jun 16 2021

back: main index

business computer culture fashion food halfbakery home other product public science sport vehicle