Ask HN: Unique URL authentication
I read a post not long ago how posterous only requires you to send an email(with the users first post) to create an account.
I admired the simplicity (from the users perspective) and pondered the ways we could just stop asking people for information and just use our apps.
And I believe, for a great many apps, the bare minimum you need is an email.
Which brings me to my question, why bother asking the user to login, why not email them a unique, random, url (a https one of course) that once clicked authenticates them. The idea being that only the user would have access to it(or anyone with access to that email account).
Stupid idea? Any obvious holes I'm missing?
18 comments
[ 4.7 ms ] story [ 54.3 ms ] threadSending a login link also gives them something to keep. And if they come back years later(after just using) it should be easy for them to re-authenticate.
Even if you are not into dating, do check their site out... They actually have all sorts of nice stuff on their site - their labs section and blog are also very interesting if you like stats and data/analysis.
I think most sign-up forms are designed out of fear - fear of spammers and fear of people quitting the software. Forcing a user to fill out pages and pages of info isn't going to make them more loyal to your site, it just annoys them. It also won't stop spammers - they are just as creative as you are.
So let the user use your site (perhaps flagging changes such as comments as pending) but send them a link to authorize their site. Once they've done that, their changes go live and they can fill in the info you need of them. By doing an action (such as commenting), they have proven they are interested and they are much more likely to want to finish the registration process.
Edit: On second read-through, I see you might be talking about replacing a login with a URL permanently. I don't like this idea as much as it's a lot easier for me to remember my username/password than I am a unique URL (that's complex enough to not be easily guessable). If you don't want to manage the login process, use an openID provider (and Facebook connect, Google Login, etc).
Which brings me to my question, why bother asking the user to login, why not email them a unique, random, url (a https one of course) that once clicked authenticates them. The idea being that only the user would have access to it(or anyone with access to that email account).
* Your password is never stored in a list of bookmarks
* Your password isn't permanently stored in email
* Those password-change random URLs that get mailed to you expire
* Your password is never logged in standard server logs
* Your password isn't a part of your browser history
* Your password isn't 45 characters of ancient Aramaic. (Why hello, OpenID.)
That said, some general advantages to having a permanent user-chosen password include:
- The user can login on any client even if they don't have access to their email on that device. In order to accomplish this without a user password, the user has to have their email device and the secondary device present at the same time, and you'd need to give the user a human readable OTP (one time password) they can enter into the secondary device manually.
- Convenience. Users doesn't have to visit their email to click an URL and can instead proceed directly to the logged in experience.
- Are you planning to give users a "log out" link, and then expect them to do the email hurdle each time? That additional email hurdle will encourage users to stay logged in when they might otherwise logout, which could make their accounts more vulnerable to theft. However, if you expect and want users to remain logged in for longer periods of time, it becomes more justifiable.
- For various reasons email delivery can be significantly delayed. It's not as much a problem now as it was in the past, but this lends email usage towards more asynchronous tasks where timing isn't terribly important.
- If you use a good password, it's more secure than email authentication. Remember that emails are basically the digital equivalent of post cards. But if you use bad passwords, like most users do, all bets are off, your accounts (email account included) are highly vulnerable to theft in any case.
- The URLs in emails will need to be designed so that they are only good for one use and time out after an hour. Otherwise gaining access to the email history or browser history becomes a means to steal login state. However, this also applies to the URL authentication that goes on typically in "forgot password?" workflows, so you probably have to do this work anyway.
- Users are sometimes reluctant to enter a valid email address for privacy and spam concerns. Often they will put in a garbage address just to get past that part of the sign up hurdle.
I'm sure there's more to say. That's what I can think of at the moment.
What's wrong with that approach? It's as easy or easier than using email, which I may or may not be logged in to.