Logging in without a password

Martin B on gHacks recently reported on how the popular site Medium (my Medium page) has added another login option that avoids using passwords. You sign up with your email address, the site sends you a link which logs you in, you set up your profile and start contributing, when you’re done you logout. Next time you want to login, you enter your email address and it sends you a login link and so on…

no-more-passwords

It’s funny though, I’ve been using this approach for other sites for several years as a way to not have to remember or store passwords for those sites. If the site has a password reset function that sends back a one-time login link, then you can do the same thing as Medium is implementing. Works best with those sites that let you use the one-time login without forcing you to then create a new password and verify etc.

It could be so easily implemented on any site. It’s a bit like using the two-factor authentication tools that send you a text or ask for an “Authenticator” code once you’ve entered your username and password, except this avoids having to enter a password first…

In fact, why do sites that have two-factor actually need you to enter your password at all, they just need your username to email or text you and then open a link into which you plug the PIN that quickly times out from your authenticator…