h a l f b a k e r yNot from concentrate.
add, search, annotate, link, view, overview, recent, by name, random
news, help, about, links, report a problem
browse anonymously,
or get an account
and write.
register,
|
|
|
Please log in.
Before you can vote, you need to register.
Please log in or create an account.
|
Passwords are a pain! Either you use a single one for all
your
properties (don't!), or you use a password manager that
may
or may not work when you are on the go.
But, passwordless login via a login link in your email inbox is
easily attainable but still not very widely deployed. This
idea
seeks to build a service that provides passwordless login to
a
side even when the site itself doesn't.
The way it could work would be to provide an email address
and inbox for registration and "lost password" emails.
When I want to login to a site, I would click in "Lost
password"
and enter my email address, e.g. olav@passwordless-
shim.com
The service would intercept the email, click the link on my
behalf, enter a randomly generated password and log me in
with it.
I am sure this could be made to work at least for *some*
sites.
OpenID
http://openid.net/what-is-openid/ An open source version of the identity service now commonly provided by the likes of Google, Facebook etc. [zen_tom, Nov 20 2017]
[link]
|
|
Cybercriminals just love people like you ... |
|
|
There is a third way that seems to be becoming more popular as time goes by, which is to decouple the identity authentication part of the process to a third party who will confirm you are who you say you are, and then send an encoded, temporary key on your behalf. This is what happens when you see something like "Log on with your Google Account!" or other similarly friendly sounding suggestion. Doesn't work with websites who've decided not to join in though, which is a shame, as that'd be the interesting next step. So, rather than the actual details of the implementation in the idea, I'm [+]ing for the idea of having a service that manages your logins without any participation from the websites to which one is attempting to log. |
|
|
Wouldn't this let anybody log in as you? Or would
passwordless-shim.com authenticate you? |
|
|
Presumably this could be made secure if your "secure" email address was password-like, so instead of [olav] entering olav@passwordless-shim.com they could enter (for example) correct-horse-battery-staple@ passwordless- shim.com |
|
|
Still not properly secure as noticed by [8th] <minute's silence> but for low-risk logons could be doable. |
|
| |