Passwords

06 August 2020

(update 31 Aug 2020: add Prop 24 info and Adweek Magic Link)

Things that people are bad at:

• remembering strong passwords

• choosing and using different passwords on different sites

Things that most sites depend on for their security

• (see above)

Things that will cost you $750 each if you mess up on managing them:

• passwords (source: How Prop 24 Further Protects Californians from Identity Theft)

So avoiding passwords is going to be more and more of a thing. Here's a list of ways to avoid doing passwords (or make the password optional)

• Email login link. You type in your email address and it sends you a link to log in. Red Hat Mugshot did this, a while ago. Today. it's implemented nicely at Adweek, where they call it "Magic Link".

• ssh to log in. You give the site your ssh public key when you make your account, then to start a session you ssh to a service that gives you a URL containing a session key. $BROWSER $(ssh login.example.org)

• Log in with G.A.F.A.

• QR code. If you are already logged in on one device and want to log in from another one, scan a QR code with s33krit crypto stuff in it, like Keybase.

Any more?