Ask HN: What's a better alternative to Passwords?
2 points by WhyDoPeople on Aug 17, 2018 | 2 comments
We had a huge issue come up at our company. We will have to ask all our users to change their passwords.

Dealing with this, I'm led to the conclusion that servers should not contain login information the way we currently are. I think something like a public/private key pairing may be better. But I'm just swinging in the dark here.

What are some better solutions for Account Authentication?




If losing all the user table with its "password" column is requiring you to "ask all our users to change their passwords", you're probably doing it wrong - and switching to some less well tested auth mechanism without the expertise to get that right either is probably just trading vulnerabilities...

(If you're just requiring password changes out of an abundance of caution even though you're properly using bcrypt/scrypt/pbkdf2 - then my comment above is less relevant.)
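An added example, not part of the thread or any poster's code: what a "password" column looks like when it holds a salted PBKDF2-HMAC-SHA256 record instead of the password, using only the Python standard library. The record layout, function names and the iteration count are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import os

ALGO = "pbkdf2_sha256"   # label stored in each record (layout is an assumption)
ITERATIONS = 600_000     # assumed work factor; tune to your own hardware
SALT_BYTES = 16


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return the string to store in the users table, never the password."""
    salt = os.urandom(SALT_BYTES)  # unique per user, so equal passwords differ
    digest = _derive(password, salt, iterations)
    return "$".join([ALGO, str(iterations),
                     base64.b64encode(salt).decode(),
                     base64.b64encode(digest).decode()])


def _parse(stored: str):
    """Split a record into (iterations, salt, digest); ValueError if malformed."""
    algo, iters, salt_b64, digest_b64 = stored.split("$")
    iterations = int(iters)
    if algo != ALGO or iterations < 1:
        raise ValueError("unsupported record")
    return (iterations,
            base64.b64decode(salt_b64, validate=True),
            base64.b64decode(digest_b64, validate=True))


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the record's own salt and cost; compare in constant time."""
    try:
        iterations, salt, expected = _parse(stored)
    except ValueError:
        return False  # malformed record: fail closed
    return hmac.compare_digest(_derive(password, salt, iterations), expected)


def needs_rehash(stored: str, iterations: int = ITERATIONS) -> bool:
    """True when a record is below current policy; re-hash at the next login."""
    try:
        return _parse(stored)[0] < iterations
    except ValueError:
        return True
```

Because the cost is stored in each record, the work factor can be raised later and old records upgraded as users log in, without a forced reset.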



