
Ask HN: What's a better alternative to Passwords? - WhyDoPeople
We had a huge issue come up at our company. We will have to ask all our users to change their passwords.<p>Dealing with this, I&#x27;m lead to the conclusion that servers should not contain login information the way we currently are. I think something like a public&#x2F;private key pairing may be better. But I&#x27;m just swinging in the dark here.<p>What are some better solutions for Account Authentication?
======
stupidgeek314
[https://developer.mozilla.org/en-
US/docs/Web/API/Web_Authent...](https://developer.mozilla.org/en-
US/docs/Web/API/Web_Authentication_API)

[https://www.grc.com/sqrl/sqrl.htm](https://www.grc.com/sqrl/sqrl.htm)

------
bigiain
If losing all the user table with it's "password" column is requiring you to
"ask all our users to change their passwords", you're probably doing it wrong
- and switching to some less well tested auth mechanism without the expertise
to get that right either is probably just trading vulnerabilities...

(If you're just requiring password changes out of an abundance of caution even
though you're properly using bcrypt/scrypt/pbkdf2 - then my comment above is
less relevant.)

