A while ago I read an interesting article about passworld-less logins (Is it time for password-less login?). I thought that it was very interesting to see how some people try to change a thing that is so habitual for us that we think it's impossible to change. And the truth is that a web without passwords would be a better web.
The most basic system is based on this steps:
- You use your mail to login.
- The service sends an email to you with a link that authorizes your device.
What about registration?
Well, in fact this is the procedure that is used right now to register in the majority of websites. You enter your mail, your password and the service sends a validaiton email with a link. Remove the password and use this aproach every time you wan to enter the website, it doesn't matter if it's the first or the third time.
I don't want to go to my email every time!
You don't need to go every time. The website authorizes your device, via cookies on web browsers or tokens in applications. You just need to go to your email when you are in a new device.
It's even more secure
Without a password, you could revoke the acces to your accounts to all devices (something like what makes twitter with the third party apps) and then you are sure that only your devices can acces to your accounts. Even the service could automatically expire the authorization once in a while.
Yes, we are kind of cheating
You wouldn't need to remember any password... well, it's not turth because you would need at least have a protected acces to your email account. But it's just one password. In the other hand, you don't think that it's dangerous because someone that has your email password could access to all your accounts because, yes, the same can happen right now.
The cool part is that this is what almost every one does unconsciously in some webs. When you forget your password you have to click a link in the website that sends you an email to allow you to recover your password. Well, again, it's the same but without the password ;)
As this article says (Let's Boycott Passwords) we can, kind of, use this system right now. When a website asks you for a password, type some random letters and just go to your email an acces the web. Try it ;)