

Ask HN: Any obvious disadvantages to password-less, email-only login? - spurofthemoment

An idea suggested several times here on HN is the idea of password-less logins: You enter your email address and receive an email with a unique link (valid for an hour or so) which, when clicked, will log you in and allow you to stay logged in for e.g. two months.<p>This would not work for really sensitive stuff (e.g. banking) where you need to log in each time you visit the site, but for normal sites it&#x27;s really user-friendly.<p>My question is: Are the any disadvantages to this model? The only one I can think of is the situation where you&#x27;ve deleted your old email address and some time after that have to log in to a website that uses password-less login. But that is probably a rare occurance and could be fixed by contacting support.
======
chewxy
Check out Fork the Cookbook[0], which uses such a thing. The main complaint
(about 10 each week) is that people expect to have only one password. It's not
really as user friendly as you think

[0]: [http://forkthecookbook.com](http://forkthecookbook.com)

~~~
spurofthemoment
_people expect to have only one password_

Fork the Cookbook emails the user a password, but that's not what I'm
suggesting. What I'm suggesting is completely password-less: You receive a
link like [http://example.com/log-in/0039392030202](http://example.com/log-
in/0039392030202) in your email and just click that to log in and stay logged
in for e.g. two months.

~~~
gdewilde
2 months?

~~~
spurofthemoment
Or something similar. The important thing is that they shouldn't have to log
in each time they visit the website, because then using email would cause the
login process to be too slow. Again, using the password-less login for
websites with sensitive data (such as banking) wouldn't work, since those
sites require the user to log in for each session.

------
antonwinter
we used this on a project. it works pretty well.

a few obvious, but ok issues are.

1) if the person uses a computer where they dont have access to their email
its a problem

2) the person forwards the link to others to use

3) sometimes emails get delayed

lastly a less obvious issue

4) people expect to use username/password, which means most of the users we
had, had to be educated on how to log in. even when it clearly said what they
had to do.

------
gdewilde
check out Persona [https://login.persona.org](https://login.persona.org)

~~~
spurofthemoment
Persona is a no-go for me - I just don't believe that it will ever take off
now that Mozilla has put it in maintenance mode. Mozilla has vowed to keep the
servers up, but other than that they don't seem to be doing anything to
further Persona's mainstream adoption.

------
Mz
If you use multiple different computers, especially public computers, you
won't stay logged in for two months (or whatever). This is not necessarily a
big deal assuming you don't have a problem with them logging in over and over
and over. It won't necessarily be that big of a convenience to such a person
and might make them very self conscious of their lifestyle difference (for
example, they are poor and only log in on public library terminals which have
a time limit -- your assumptions about computer usage are kind of upper class)
especially if, for some reason, you decide that their difference in usage
makes them "suspicious" (a common occurrence for the underclass) and begin
making life more difficult for them simply because their usage differs from
the scenario you expected.

