Ask HN: Any obvious disadvantages to password-less, email-only login?
An idea suggested several times here on HN is the idea of password-less logins: You enter your email address and receive an email with a unique link (valid for an hour or so) which, when clicked, will log you in and allow you to stay logged in for e.g. two months.
This would not work for really sensitive stuff (e.g. banking) where you need to log in each time you visit the site, but for normal sites it's really user-friendly.
My question is: Are the any disadvantages to this model? The only one I can think of is the situation where you've deleted your old email address and some time after that have to log in to a website that uses password-less login. But that is probably a rare occurance and could be fixed by contacting support.
9 comments
[ 3.1 ms ] story [ 26.1 ms ] thread[0]: http://forkthecookbook.com
Fork the Cookbook emails the user a password, but that's not what I'm suggesting. What I'm suggesting is completely password-less: You receive a link like http://example.com/log-in/0039392030202 in your email and just click that to log in and stay logged in for e.g. two months.
The link expires within an hour, and once logged in you're logged in for a day.
People complain about that shit every week. We switched to Persona for a week. Even worse results. The only reason why I'm keeping this for FtC is because I don't want to deal with passwords and hashing and stuff.
a few obvious, but ok issues are.
1) if the person uses a computer where they dont have access to their email its a problem
2) the person forwards the link to others to use
3) sometimes emails get delayed
lastly a less obvious issue
4) people expect to use username/password, which means most of the users we had, had to be educated on how to log in. even when it clearly said what they had to do.