
A bold but simple login system - fufulabs
http://notes.xoxco.com/post/27999787765/is-it-time-for-password-less-login
======
haldean
This would drive me up the wall. I don't want to have to sit in my mail
client, waiting for it to pull down the message that may-or-may-not have
arrived at my mail host yet, when it's incredibly easy to use a password
manager for everything without having to leave my browser. He bemoans the
number of controls you need to interact with to log in, but to get to log in
with his method, I need to put in my email address (or take the time to find
it in the list), interact with whatever control submits the form, switch to my
email client (at least 1 control, probably more), refresh it to get the most
recent messages (perhaps more than once), open the message, click the link, go
back and close the window I used to start the login process in the first
place, then switch back to the window with the app in it. Seems far more
complex.

I don't buy his premise, either; he claims you need to interact with "6
different controls" to log in to Facebook, but (a) you only interact with 4 of
them and (b) that's only the first time you log in from that computer. He's
trying to solve a problem I have never experienced. I'm curious to see if
others have felt overwhelmed by the number of controls on login forms; this is
a problem I've never had.

~~~
jobu
The idea here is you only need to log in on a device once (or as often as you
delete all your cookies). After that the site would remember you, so there
really wouldn't be that much waiting on emails to arrive.

Definitely not something I would want for my bank account, but who cares for
logging on to a support forum or some other trivial account.

~~~
Killswitch
So why not just make the session last forever the same way, but using a
password instead of requiring me to login to my email and click a link? I
logged into Facebook the first time and as long as I didn't delete cookies, I
could go to Facebook on that device today, tomorrow, next week, next month,
next year... And never have to put my password in again.

This just adds more waste...

~~~
jobu
Some people despise Facebook, but nearly everyone online has an email account.

Personally I would implement Facebook connect and have this email login system
as an alternative.

~~~
Killswitch
Not really saying Facebook, but using Facebook as an example. They keep the
session alive until you either delete the cookie, or the session from your
control panel. Why deal with this email method when you can just keep the
session alive forever unless they logout or delete cookies, after they have
typed their password in?

------
zdw
Someone needs a history of internet mail. It was never designed to operate in
real time or be fast, whereas people expect logins to be fairly quick.

Also, using an email backchannel and one time keys moves the security from an
encrypted connection (assuming SSL) to an unencrypted SMTP connection anyone
can view...

Back in the good old days of UUCP you might wait a day or two to get mail from
across the globe...

~~~
lgbr
Who really cares what it was designed to do? The fact is, almost the entire
userbase is going to receive that email before they can switch tabs to their
email inbox. So even though it wasn't designed to be immediate, it is in
practice, and we have a whole list of technologies that we use despite intent
(HTTP wasn't designed to be stateful, and yet we use it as such constantly).

Mail transmitting is only sometimes encrypted, which is disappointing, but
I've yet to hear of an instance where a user account was compromised when the
forgotten password link was hijacked by listening to the wire between two mail
servers. If it really is a problem, this could also be mitigated easily by
only allowing the link to work on the browser that initiated the request.

Frankly, though, I'd love it if this system were implemented if for no other
reason than to encourage mail servers to enable TLS on their SMTP backend.

~~~
therandomguy
I have had to wait couple of minutes for the email show up in gmail or few
minutes for it to be delivered to outlook.

------
masimpson
The logic behind this system isn't terrible. But as others have pointed out,
it still relies solely on a third party. And while it's true that exposing the
entire user list would not give an attacker much in the way gaining access,
it's still a leak of trackable information. I think a more secure solution
would be to model an authentication standard after public/private key
encryption. If all browsers would endorse it, the interface would be
remarkably simple.

Present the end-user with a certificate management dialog when they open a
browser for the first time. That would allow them to either browse for an
existing certificate or create a new one. After one is created they're given a
copy which could be used in any other browser at a later time. From that point
on, each time a Web server requires authentication it could be handled behind
the scenes. No log on page, no passwords, no user names; only aliases and a
push button start. Signing up would become a one click affair, as well. Press
the button, and the browser sends the public key to the Web server. A site
gets hacked? Big deal, there are no vulnerable hashes -- only public keys. You
would never be required to remember anything more than backing up your
certificate. Worried about recovery? Do what you would do with SSH. Pop the
cert on a thumb drive and hide it. Hell, even create a feature in that
management dialog to do it for you.

This of course would require a large standards body and the involvement of
every major browser company. But in the end, it would be easier.

------
jsmcallister
I had to read this article twice to make sure I was understanding it right. I
honestly see zero benefit in this approach. It does not speed up the login
process at all. The only thing it accomplishes is not requiring the user to
remember a password. Additionally, it puts way too much power in the hands of
random email servers. What if my email system at the office goes down for a
few hours. Am I locked out of all websites too?

I do agree with his point that memorizing passwords can get cumbersome,
especially with different sets of rules for different logins. However, the
majority of people store their passwords in their everyday browser or just
stay logged in indefinitely.

The real solution to "doing away with passwords" lies in recognition
technology on devices. What if my keyboard could recognize my identity and
pass that along to _authorized_ sites as login credentials? What if my iPhone
could do the same? I'll defer the argument of privacy in visiting sites where
you don't want your identity revealed for another time.

~~~
bluesnowmonkey
You only get locked out of a website if you delete your cookies while your
email provider is down. How often does that happen?

This idea doesn't speed up the login process, but it accomplishes a few other
useful things. The server doesn't store passwords, so a breach of the server
doesn't compromise other services for which users had duplicate passwords. And
users can't compromise their own accounts by choosing weak passwords. Both
scenarios are commonplace.

~~~
Fishkins
To be fair, the user can still compromise all their accounts by choosing a
weak password for their email account. It does reduce the onus on them from
coming up with dozens of (hopefully) unique, strong passwords to one, which is
certainly an improvement.

------
crcsmnky
What's the overlap of users who (a) have trouble with login forms and (b)
leave their email open all the time (whether browser or dedicated app)? This
relies on a very high level of comfort with email and context switching.

This could potentially introduce an increase in spam if users are now
instructed to click on links in emails blindly as long as they match a site
that they're familiar with.

Leaving one app/tab for another seems like bad UX to me. This doesn't seem any
better than the OAuth dance, even if it uses a much more seemingly familiar
mechanism.

~~~
Nav_Panel
This seems more ideal for mobile devices. Enter name -> email notification
almost immediately and use that to log in. I personally think it would be
easier and faster than attempting to enter a password using the on-screen
keyboard.

------
dazbradbury
On OpenRent [1] we're using the Google Identity Toolkit [2]. We're finding
that in our current configuration it works extremely well, even for non
technical users.

It offers password-less log-in, and also remembers your username/email client-
side. The only issue is lack of support for facebook/twitter log in out of the
box - but that is apparently in development.

It doesn't seem to be widely adopted, and that is possibly due to the reliance
on Google servers it adds to your service. Whether that comes back to haunt us
or not I don't know - but I have a backup system in place in case GITKit does
stop working!

[1] - <http://www.openrent.co.uk>

[2] - <https://developers.google.com/identity-toolkit/>

~~~
richardburton
Great site! Sadly I got an error trying to log in with Google.

~~~
dazbradbury
Ouch - I don't seem to be able to reproduce it but we'll take a look. Do you
mind emailing me on [redacted] to discuss?

~~~
richardburton
Will do now :)

------
sturadnidge
I honestly don't understand a lot of the comments in here. For starters, many
websites (eg Twitter) require email confirmation for new signups and password
resets. This is not so different, the UX related commentary is superficial at
best. After the initial activation / a reset you're back to cookie based auth,
just like most sites.

Second, there is not a single mention of the biggest problem with passwords
currently: the apparent inability of many sites to store them securely. I'll
take this method of authentication over a password based one any day for
probably 90% of the sites I have an account with currently. Especially sites
like HN (not implying insecure password storage on HN - just saying for any
forum based sites, it's more than adequate IMHO).

------
javajosh
Ben, I like where you're going but I think we need to go just a little bit
further to make it viable. In particular, it's email that's the weak link (so
to speak). But it's entirely possible and desirable to replace email with
something that has emails positive qualities without it's drawbacks. I'm
thinking a secure, realtime channel to which only you have access, and a
notification system that let's you see (on all your devices) what got posted
there. Anyone (or anything) in the world can post to it, and they are
guaranteed that you'll get first crack at the data. (In this case the data is
a one time URL).

What sort of thing represents a secure, real-time channel to which only you
have access? Note that, unlike email, we are not interested in queueing
messages in this channel. My first thought runs to a public URL, a place where
anyone can post anything, and it will appear on all your devices (possibly
within the browser).

So basically as long as you maintain credentials to access that channel, sites
have a good way to give you a one-use login URL.

In an ideal world, you're browser would have a password protected private key
and knowledge of what your personal URL is. All sites requiring login would
ask the browser for that URL, and the site would send a one-time login URL to
the channel URL, and the browser would be smart enough to just follow the
link.

Bam, login nirvana.

------
woah
OK, so i am going to go out on a limb here and assume that this WILL piss off
a portion of your users.

That being said, can it work "halfway"? It seems the main benefit of this
approach (from a UX standpoint, disregarding security etc.) would be to
simplify things for people who always use one device and forget and reset
their passwords all the time anyway.

What one could do is to simply reverse the prominence of the "enter password"
and "reset password" steps of your login flow.

Enter your email, and get a big fat "Get Login Link" button below the field.
Next to it is a small link that says "use password"

------
carsongross
For most cases, I think the ideal is identity tied to the device/browser via
an email address:

<https://login.persona.org/>

~~~
agilebyte
Exactly. As a developer I get back the email address of the user that has
authenticated with the BrowserID server. That way it is easy to build a list
of authorized users.

I suspect they will make a browser specific login workflow in which case you
would not even need to be presented with a form asking you to auth as a user.
Your browser would know your credentials already (which I guess is similar to
login details autocomplete).

------
MatthewPhillips
This is how Staticloud[1] works. You put in your email address and receive a
log in link. You never have to register; registration and login are the same
process.

[1] <http://staticloud.com/>

~~~
swah
Very interesting idea! Although I'm not sure that it would actually make it
easier for users that don't do tabbed navigation (mom) to log from a
second/public computer.

So, if elegant for power users, and 'not easier' for mom-users, should we
implement it?

~~~
MatthewPhillips
I agree that the UX isn't perfect, but neither is our current login/password
system for every site. For me personally, if I don't use a site regularly my
login process turns into: click forgot password link, check my email, reset
the password, then login. Then again the next time I visit the site 3 months
later. So if that's what we're going up against, the email to login session
flow isn't too bad.

------
lorewarden
I remember being intrigued by Google's "Sesame" experiment (covered on HN at
<https://news.ycombinator.com/item?id=3469692>) where they logged you in via a
QR code processed via your mobile.

Relying on something you have (mobile phone with a trusted app on a trusted
network) instead of something you know (passwords) can be an interesting
choice. Ideally you'd require both (something you know _and_ something you
have), but we want to avoid passwords.

------
sirwitti
First things that come to my mind are privacy problems. This autocomplete
would make it really easy to find out whether a person uses the service.
(dating sites, porn sites, torrent sites, political sites,....). Additionally
if the ologin happend only via the mail address, you could collect email
addresses very easily from many websites.

Anyway, I like the idea of questioning the current way of user authentication!

~~~
ajanuary
There's always the argument that the register process leaks the same data. But
having it appear in a dropdown makes it easier to incidentally see someone you
might know.

------
mandeepj
I also felt login process should be simplified. I got two types of
registration forms at my new website (www.survenator.com) - one is express
where user only enters their email address and a highly secured password is
email to them. Other is the complete registration form. Although the form is
still kept very short. Users can change their passwords\other account
information anytime.

Express registration may work for well for those who have hard time coming up
with strong passwords or don't want to think about a password while doing
another new registration. We started this feature as an experiment and will
evolve\refine it based upon the usage.

Once the user confirms their account if they selected "remember me" checkbox
then we don't require them to login, we just check for authentication cookie.

I do not agree with the author regarding his vision for "password reset tool
feature to send the link in the email". Sometimes users want to take control
of their password and do not want to remembered for security reasons.

------
maxlemons
I've been working on a demo of something similar. It's a work in progress, but
I've got it running at <http://nopassword.alexsmolen.com>. Code at
<https://github.com/alsmola/nopassword>.

Not only can you register and login with only and email, you can review and
revoke your active sessions.

People who are complaining about the speed of email - the session could last
indefinitely until you log out, which would reduce the number of times you had
to perform the ceremony. Plus, think about the benefits of this when you need
to authorize a TV, phone, etc. You can simply visit a link in your email
instead of copying and pasting or typing in those form factors.

I'd also like to integrate SMS to support optional dual-factor authentication,
which should get help fix the single point of trust problem.

------
mollstam
Sending link to e-mail is exactly as dependent on third party as OAuth.

Non-power users (11 yo kids) maybe don't always have their inbox open/session
active.

Best case scenario with one e-mail entry for multiple devices stand in
conflict with link only being usable once.

Don't get me wrong, I think passwords are horrible but this post was just made
in too much of a hurry.

Interesting topic!

------
freshhawk
Am I crazy in thinking that this whole problem should have been solved a long
time ago by making password management a responsibility of the browser, either
by baking it in or mediating the exchange?

Combined with a simple standard for credential exchange (get request to
example.com/login to get the list of required fields, post to
<https://example.com/login> to login. Or more likely, some existing standard
that handles more cases and is already thought out) this whole annoying
problem is no longer affecting every person who uses the web.

Is it too late for this? I feel that it probably would be very difficult to
make this work now, it's too late and the browsers wouldn't go up against
google and facebook who now want to own and track your identity.

That makes me sad, that kind of stagnation cuts off whole important areas of
progress for web users.

~~~
superkarn
Check out Mozilla Persona (used to be called BrowserID).

<https://login.persona.org/about>

~~~
freshhawk
Yes, I remember that.

Ugly solution that didn't expose a UI for sites that didn't support it and
still had plain username/password forms. So it's completely impossible to
bootstrap this by making some of the features useful to browser users before
it was widespread.

Needed a js library because it worked at the wrong level of abstraction and
put browserid.org in the middle of the transaction for no sensible reason
(well no sensible technical reason but a perfectly sensible political one).

This was not developed by someone thinking "how can we solve a problem our
users have" but by someone thinking "it would be advantageous to be in the
middle of login transactions and there is a user problem we could bolt that
functionality on to".

~~~
natrius
The persona.org middleman is only used when your email provider doesn't
support BrowserID. It is temporary.

It is useful to browser users today. You don't have to remember a new password
for each site or become less secure by giving the same password out to
multiple sites. I'm going to use it on the next site I build.

~~~
freshhawk
I should have been more clear. I don't like browserID because there is no
route for this to become widespread except for "a significant portion of sites
implement this".

You know that saying about any spam solution that begins with "well first we
change email" is a stupid solution? Same issue here.

First you need a good password manager front and center in the browser. Then
you start augmenting the experience by allowing better integration with the
password manager through some standard. If the user already uses the
functionality for every site and the experience is better on sites that
implement the standard then you might actually see real amounts of
integration.

~~~
natrius
As a web developer, I think that using BrowserID in its current state without
browser support is better than implementing my own authentication. As a web
user, I'd prefer to use BrowserID to sign up for sites than use individual
authentication systems. A system that is better for developers and better for
users has a clear path to adoption.

~~~
freshhawk
I agree. BrowserID is a good authentication solution.

It's not a solution to the problem we're talking about though, I'm complaining
about a lack of solutions for easy credential management.

Once everyone implements it then sure, you only need to remember your email
password. Unless you have multiple personas, then you'll have a bunch of
passwords. And realistically there will be a lot of sites that have different
systems or antiquated username/password forms.

So aren't we back were we started? I need a password manager and I'd like my
browser to be aware of my password manager and help mediate. BrowserID would
be a great place for it to send the appropriate password for sure.

------
IceCreamYou
I actually implemented a system very much like this on an internal company
network recently. For that purpose, it worked great. I don't think it would
work in an open, public context, not least because an attacker can force your
site to spam its users. However, when you are going to stay logged in forever
on basically the same devices, having an email-based login system without a
password is no more pain for the user than a verification email (since that's
all you're doing anyway). Essentially you're relying on the website to
generate a local, device-specific, secure password instead of requiring the
user to create and remember a (likely insecure) password themselves.

------
Sami_Lehtinen
Why accounts should have anything to do with email or email address. It's bad
policy and I hate it. We all know that email isn't secure. For many sites I
would like to disable password recovery due these inherit security issues
related to email. If you ever login to Gmail, after that you have always clear
all cookies and cache data and possible super cookies. After that you would
need to login (again) to email to uh oh, access other sites. Afaik this is
super bad idea. Naturally you could save the link as bookmark, which would
work. But security would still suck.

------
stcredzero
Apple should augment a single sign-in mechanism with a transparent 2nd factor
embodied in the iPhone. This would result in your being automatically logged
into any participating site while using Safari on the same LAN as your iPhone.
The mechanism would fall back to the traditional password if you don't have
the phone. Bluetooth could also be used to communicate to the hardware.

The hardware would only run signed Apple firmware and be separated from the
CPU and most of the rest of the device, except for access to radios.

~~~
drivebyacct2
Google already does this with Chrome and Google websites.

I don't have to enter my second factor with credential or even my password
when using Gmail from my phone, tablet, laptop or desktop.

~~~
natrius
At this point, I actively seek out Google account login options. It is so
incredibly pleasant to use on Android.

------
drcube
Outside of transfering money, I think you should structure your site so that
logins are not necessary. For example, if I wasn't the only "drcube" on Hacker
News, I wouldn't be upset. Names in meat space aren't unique, why should we
expect them to be on the web?

Next time you think about starting a web service (that doesn't handle money!),
think about what you lose by getting rid of user accounts entirely. It
probably isn't much.

~~~
javajosh
_> think about what you lose by getting rid of user accounts entirely. It
probably isn't much._

This gets to the heart of identity! It often doesn't matter. For example, one
could clone HN using anonymous accounts. You'd give up only karma and
connection between messages. It would be, essentially, something like usenet
where you have a choice to "brand" every message you send with an identity -
or not. Let's call this "Broadcast Identity".

Then there is something else which is your "Legal Identity" and it's the one
most closely associated with all things money. It's the one that you need to
deal with financial obligation, going in both directions. When you buy
something, you want it to come to you, not to some one else.

Interestingly, I don't think that targeted ads really care about the
connection between Broadcast and Legal identity. This implies that, no, you
probably won't lose much by losing user accounts.

Actually, I take that back. The one thing that sites want and need is a way to
proactively contact you. Aha! I think I just stumbled on the real reason we
keep logins around - to get the email address, so we can send newsletters,
reminders, etc. To prod the user into using our service more. To remind them
that we exist, to be obtrusive, because our value isn't intrinsically strong
enough to remind them.

------
uptown
A way to streamline this even further might be to pair it with a browser
extension designed to poll your inbox for these specific messages. When
received, the extension could handle the login step, eliminating the need for
the user to jump to their inbox for the validation email. I'm not sure if that
kind of extension could be created so that it didn't compromise the security
of your inbox.

------
kevinSuttle
I don't think it's the order of the elements, I think it's the combination of
the elements and the process of entering them. See Ford's (yes Ford's)
experiment for proximity based automatic login/logout with your phone.

[http://www.fastcodesign.com/1670097/ford-schools-apple-
with-...](http://www.fastcodesign.com/1670097/ford-schools-apple-with-clever-
phone-login-appwait-what)

------
Johngibb
I definitely find this topic interesting and have a hard time remembering all
my passwords, but I'm not fan of this solution. Honestly, how isn't this just
a worse implementation of OAuth? It seems equivalent to clicking a "login via
gmail" button, except with more of a lag?

~~~
Fishkins
The main other difference I can see is that one button actually functions as
"login via gmail, hotmail, yahoo mail, or any other countless email
providers", and no work needs to happen on the email provider's end to make it
work. Lots of people don't want to sign up for FB or Twitter, but basically
everyone has an email account.

------
spartas
Here's an idea, if you allow me to choose From a list of users, then I'll
continuously "spam" other users' inboxes with login link messages.

We could suggest that Facebook implement something like this. Seeing a login
control containing 950MM names would be rather comical.

------
empire29
At a very high level, I like this idea. It would be great if there was browser
support to super-persist the auth tokens (cookies) through cookie-clearing and
also sync between browsers on machines -- most likely via a browser plugin.

------
agscala
So going from a "bad" login form with 6 controls to a "simpler" login where I
now have to interact with the site's form, my browser, and my email client is
somehow better?

This is just silly and a login form like this would drive me crazy

------
Spoom
This means the second someone loses access to their email account, they lose
access to every account on every system attached to it via this method. I'm
not sure introducing a single point of failure is a good idea.

~~~
zerovox
This is true already for pretty much every website that lets you recover
password by email, and most allow this. Any that use a secret question
wouldn't switch to this scheme anyway. It reduces the hassle, as if your email
got compromised, and they change passwords to all your other accounts, you
have to regain access one by one, changing passwords back and so on, when with
this email system, you can just regain access to the email account and the
rest are under your control again.

------
rocky1138
Sending people away from your website in order to access your website is bad
UX.

------
renas
Passwordless authentication done right is a subject in here, try to break the
auth and let me know...

<http://news.ycombinator.com/item?id=4291856>

~~~
aaronharnly
An invalid SSL cert is already broken auth.

------
bbwharris
I personally think this could work. The big show stopper occurs on a shared
computer. It would be annoying to get logged out of a service daily and have
to request a new email link to log back in.

------
shyn3
Thinking of it for enterprise users it could really work.

Enterprise users seem to be on Outlook all the time checking their e-mails so
this would work if you can't tie your passwords into AD/Exchange.

Maybe have an option to have a token that can be entered or a link clicked.

I get all my e-mails on my phone so if I received a code that I can enter in
my phone that can work. I could also click a link in Outlook and be logged on.

Now if someone has my phone which is receiving my e-mails and they enter the
e-mail on a website and receive the secure login we got a big problem. I don't
know how to get around that.

Interesting discussion, but some flaws. I would think it requires some sort of
2-factor auth to save people whose e-mail addy is compromised.

~~~
bdunbar
_Now if someone has my phone which is receiving my e-mails_

At work we have a policy that smart phones are locked by a PIN. No PIN, no
email.

This is not ideal: no mechanism to enforce 'good' PINs, force a user to change
them on a regular basis.

~~~
shyn3
Good point.

------
ef4
Please, somebody figure out how to get us over the hump to the bright future
day when we all have asymmetric keys embedded in hardware and we can leave
passwords behind.

~~~
zdw
Please, somebody figure out that when you embed asymmetric keys in things,
when people lose those things they'll get really angry

or

Please, somebody figure out that when you embed asymmetric keys in people's
bodies, we'll end up with a lot of geeks with their hands hacked off with
machetes.

~~~
kleim
"Hacker" would have a really different meaning then...

------
kbatten
I have a text document on my computer that lists all the websites/programs
with username/password. I also use autocomplete (which IMO is basically the
same as having a document with all passwords.) I can have unique passwords for
every single website without relying on a third party cloud solution. And for
the passwords I use often, I have them memorized anyway.

If something is compromised (which has happened) then I have a list of every
single site where I have an account, and can change the passwords.

A side benefit to this is if someone needs to access something (most likely
while traveling, or if I'm dead) all the information is there for them.

~~~
natrius
How is your solution better than a third-party cloud solution?

~~~
nsmartt
One obvious benefit is that you aren't trusting anyone else with your
passwords.

~~~
natrius
Reputable password sites can't unencrypt your passwords. You trust the site to
not have XSS flaws and to not be malicious. Outside of banking and email
passwords, that doesn't seem like a huge risk.

------
pbreit
The problem with "solutions" like these is that they start with faulty premise
that "passwords are broken". This particular idea sounds like death by a
million cuts.

~~~
rogerbinns
Read this article from a few years ago
<http://www.uie.com/articles/three_hund_million_button/>

It is titled "The $300 million button" and details actual user experience at
an ecommerce site. Note how many users even know what email address they used,
how many got the password right, daily password resets etc.

~~~
pbreit
That article indicts registering to purchase and has almost nothing to do with
the password topic in question. Can you imagine having to wait for a login
email every time you tried to make a purchase? Ugh!!

------
jjm
I don't want people knowing what services I signed up for even if mainstream.
Anytime you leak any user info you potentially weaken security.

------
spullara
This could really work well paired with an phone app that gets notifications
instead. I use a VPN system that works like that.

------
lukeholder
having the user select field list all users is not so bad, but the email a
login link is a terrible idea, this is a break is workflow worse than a
password.

Even most incompetent users like my mum save their password into the browser
keychain so it ends up bring only a single click anyway.

Things like browserID are solving this far more simply.

------
dewey
and you still need a password to access your email account. let's assume you
are at a friends place and want to login somewhere...you have to grab your
phone to get your secure webmail password, login on gmail/etc. click the link.
a real timesaver...

------
therandomguy
What happens when multiple people use a device? Like iPad or family computer?

------
skue
So what happens when someone's email account is compromised?

Currently there's a fair chance that the victim can reset passwords and change
contact info for their online services before the hacker bothers to do so. But
this would be impossible if email were used as the sole form of
authentication.

~~~
andrewmccall
The same thing that happens now. Malicious user can recover/reset their
password.

I'd assume that if you used the email to login and since the article talks
about also using cookies with expiry dates in the future the codes in emails
would be single use.

------
pknerd
What if someone forgets the password of email system? :)

------
drivebyacct2
This _exact_ system was just on the front page last week.

Just use BrowserID.

