06 August 2020
(update 31 Aug 2020: add Prop 24 info and Adweek Magic Link)
Things that people are bad at:
- remembering strong passwords
- choosing and using different passwords on different sites
Things that most sites depend on for their security:
- (see above)
Things that will cost you $750 each if you mess up on managing them:
- passwords (source: How Prop 24 Further Protects Californians from Identity Theft)
So avoiding passwords is going to be more and more of a thing. Here's a list of ways to avoid doing passwords (or make the password optional):
- Email login link. You type in your email address and it sends you a link to log in. Red Hat Mugshot did this, a while ago. Today, it's implemented nicely at Adweek, where they call it "Magic Link".
- ssh to log in. You give the site your ssh public key when you make your account, then to start a session you ssh to a service that gives you a URL containing a session key.
    $BROWSER "$(ssh login.example.org)"
- QR code. If you are already logged in on one device and want to log in from another one, scan a QR code with s33krit crypto stuff in it, like Keybase.
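The email-link and ssh items above both come down to the same server-side step: mint a short-lived, single-use secret and hand it over inside a URL, either by email or as the output of the ssh service. A sketch of that step, added here as an example and not taken from Adweek, Mugshot or any real site; the function names, the `t` query parameter, the 10-minute lifetime and the in-memory store are all assumptions.

```python
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

TOKEN_TTL_SECONDS = 600  # assumed lifetime; short enough to limit a leaked link
BASE_URL = "https://login.example.org/session"  # placeholder host, as in the post

# Demo store: sha256(token) -> (account, expiry). A real site would use its
# database. Only the hash is kept, so a leaked table yields no usable links.
_pending = {}


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def mint_login_url(account, now=None):
    """Create a one-time login URL to email out or print from the ssh service."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    _pending[_digest(token)] = (account, now + TOKEN_TTL_SECONDS)
    return BASE_URL + "?" + urlencode({"t": token})


def redeem_login_url(url, now=None):
    """Return the account for a valid link, or None. Each link works once."""
    now = time.time() if now is None else now
    values = parse_qs(urlparse(url).query).get("t", [])
    if len(values) != 1:
        return None  # missing or duplicated token parameter
    # pop() removes the entry, so a replayed link finds nothing.
    entry = _pending.pop(_digest(values[0]), None)
    if entry is None:
        return None  # unknown, guessed or already-used token
    account, expiry = entry
    if now > expiry:
        return None  # expired; the entry is already gone
    return account


if __name__ == "__main__":
    link = mint_login_url("alice@example.org")  # constructed sample account
    print(link)
    print(redeem_login_url(link))  # the account, first time
    print(redeem_login_url(link))  # None on replay
```

For the ssh variant, `mint_login_url` would run as the forced command tied to the user's public key, so the account comes from which key authenticated rather than from anything the client sends.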