---

blog: Don Marti

---

Passwords

06 August 2020

(update 31 Aug 2020: add Prop 24 info and Adweek Magic Link)

Things that people are bad at:

  • remembering strong passwords

  • choosing and using different passwords on different sites

Things that most sites depend on for their security

  • (see above)

Things that will cost you $750 each if you mess up on managing them:

So avoiding passwords is going to be more and more of a thing. Here's a list of ways to avoid doing passwords (or make the password optional)

  • Email login link. You type in your email address and it sends you a link to log in. Red Hat Mugshot did this, a while ago. Today. it's implemented nicely at Adweek, where they call it "Magic Link".

  • ssh to log in. You give the site your ssh public key when you make your account, then to start a session you ssh to a service that gives you a URL containing a session key. $BROWSER $(ssh login.example.org)

  • Log in with GAFA

  • QR code. If you are already logged in on one device and want to log in from another one, scan a QR code with s33krit crypto stuff in it, like Keybase.

Any more?