rtsil 3 days ago
I used to think the same thing, and I still want a login/password alternative for me. But after seeing normies use online accounts and the trouble they have with password managers, I realized one of my friends had the most secure process: she would create extremely high-entropy passwords everywhere, but not remember them. Once she's logged out of her sessions after a couple of months, she uses the password forgotten link to generate another password, and so on. So her passwords are never stored anywhere, she's immune to many login-stealing phishing attempts through genuine-looking fake websites as she can't enter the password, she doesn't have to deal with syncing the passwords between all her devices, and she doesn't have passwords on a post-it on her workstation. And she also doesn't get those annoying emails saying "your password is 6 months old, please change it or else!". The email auth flow is a simplified and more efficient way to achieve the same outcome.
dietr1ch 3 days ago
Yeah, I find it annoying, but it's a simple way of making something secure: piggyback on something that already made a decent effort at trying to be secure enough.