
360M Reasons to Destroy All Passwords - albi_lander
https://medium.freecodecamp.com/360-million-reasons-to-destroy-all-passwords-9a100b2b5001#.o6s57f2gf
======
mpbm
The argument for passwordless authentication reminds me of crash-only
programs. Basically, if you have two modes of operation, a normal mode and a
recovery mode, then why not just use the recovery mode for everything?

The next step, which a lot of skeptics don't take the time to think about, is
that you can easily combine multiple channels when doing passwordless
authentication.

So, one-factor is to send a magic link to your inbox. A second factor would be
to also send a link to your phone. A third factor would be to also send a link
to a friend's phone. That would prove that it's your inbox, your phone, and
that you trust that friend. You're adding entropy by adding channels instead
of characters.

Even if someone managed to use technology to stand in for your inbox and your
phone and took over your account, you could still recover it by having your
friend vouch for you, because that's a whole 'nother layer of complexity the
attacker would have to overcome to convince your friend not to trust you.

------
tglynch
The proposed solution of email auth seems slightly more inconvenient than
having a password though, which may make it difficult to catch on. However, once
everyone sees the consequences of being hacked, maybe they will agree to use it
and see it become a standard.

The email could also include a one-use code so you could receive the email on
your phone and use the code to log in on your friend's computer, saving you
from having to log in to your email on your friend's computer.

An issue that springs to mind though is whether emails are secure enough to
trust with the power to log in.
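
The multi-channel scheme mpbm sketches and the one-use code tglynch mentions, as an added example that is not part of either comment or of the linked article: server-side state that issues one single-use, expiring code per channel (inbox, phone, a trusted friend's phone), keeps only hashes of them, and grants a session only once every channel has confirmed. The class and function names are hypothetical; actual delivery of the codes (mailer, SMS gateway) is assumed to happen elsewhere.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical server-side state for a passwordless login that sends one
# single-use code per channel (inbox, phone, a trusted friend's phone) and
# only issues a session once every channel has confirmed within the window.
CODE_TTL_SECONDS = 600


def _digest(code: str) -> str:
    # Only a hash of each code is stored, so a leaked table cannot be replayed.
    return hashlib.sha256(code.encode()).hexdigest()


class MultiChannelLogin:
    def __init__(self, user: str, channels: list, now=time.time):
        self.user = user
        self.now = now            # injectable clock, used to test expiry
        self.issued_at = now()
        self._pending = {}        # channel -> digest of its still-unused code
        self._confirmed = set()
        # Codes to hand to the delivery components; a real system would send
        # them out of band and not keep this dict around afterwards.
        self.deliveries = {}
        for channel in channels:
            code = secrets.token_urlsafe(12)   # short enough to type by hand
            self._pending[channel] = _digest(code)
            self.deliveries[channel] = code

    def _expired(self) -> bool:
        return self.now() - self.issued_at > CODE_TTL_SECONDS

    def confirm(self, channel: str, code: str) -> bool:
        """Consume one channel's code; False if unknown, used, expired or wrong."""
        expected = self._pending.get(channel)
        if expected is None or self._expired():
            return False
        if not hmac.compare_digest(expected, _digest(code)):
            return False
        del self._pending[channel]   # single use: a replayed code is rejected
        self._confirmed.add(channel)
        return True

    def session(self):
        """Return session claims only when every channel has confirmed in time."""
        if self._pending or not self._confirmed or self._expired():
            return None
        return {"user": self.user, "channels": sorted(self._confirmed)}
```

A partial confirmation (only the inbox code used) never yields a session, which is what makes the extra channels count as factors rather than alternatives.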

