by justinph 1957 days ago
The problem I have with this is that it makes people create and manage an account. My 90-year-old grandmother is not gonna manage that.

I made a little hack for WordPress that lets you run a WordPress blog and have a shared security question that lets people access content. A simple question like "What is the name of the family dog?" or "What is grandpa's nickname?", something like that. Not industrial strength security, but enough to keep it sorta private and out of search.

The nifty part is that with WordPress and Jetpack, people can sign up for posts by email, so every time you post, your friends/family can get an email with the updates. No need to even visit the blog. Perfect for grandma.

Here's the two files that make it work, in case anyone is interested: https://gist.github.com/justinph/f0fb937d1ee418a45bfb85e91e4...

4 comments

Yeah, it's a problem they don't need to have. A few OAuth-y entrances would help. "Login with Google", "Login with Facebook", "Login with Outlook", etc. If the user's added foo@gmail.com, it's fair to let foo@ log in with the same identifier.

Cheapest FIDO2 capable USB keys seem to be around $9. At that point you could theoretically give our family and close friends a physical key to the service for easy authentication.

Some could even reuse the key for other services, assuming they realize that they need a spare for backup.

Yeah, it would be nice to have some other options besides full-on user accounts. One approach could be to have an expiring token where the post can be shared and accessed for a certain number of days before the token/URL is invalid.

This is a problem. I initially couldn't get my wife's grandmother to see the site because sending her a password was too complicated. I have since implemented magic links for login. When you create an account for someone you can share a magic link with them or an email/password combination.

Interesting idea, maybe combine it with some fingerprinting? I.e. the first access on the link binds some attributes, and if they change the link expires. Chances are people who need these links are only using one device.

Magic links sound like a perfect solution.

It doesn't stop them from (knowingly or unknowingly) forwarding the link to someone else.

You could set up a magic link that would ask your grandma for her middle name, and all she'd have to type in is Ethel. Then if she forwards the magic link, it wouldn't work for them unless they know her middle name. So like a personalized password with no username. Less secure than username/password but no big deal if it's for a small number of people.

I had that exact idea last week - answer a question that shows you know me and you are not a bot and then you can access my blog and posted photos, but the surveillance machine can't.
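
The expiring share link and the per-recipient question proposed in the comments above, combined in one added example. It is not code from any commenter or from the linked gist; the server key, function names, `|`-separated payload and PBKDF2 parameters are assumptions, and the sample data is constructed.

```python
import base64, hashlib, hmac, time

SERVER_KEY = b"constructed-demo-key"  # assumption: secret held only by the server

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def answer_digest(answer: str, salt: bytes) -> bytes:
    # Normalise case/whitespace; slow hash because the answer is low entropy.
    return hashlib.pbkdf2_hmac("sha256", answer.strip().lower().encode(), salt, 200_000)

def make_link(post_id: str, recipient: str, ttl_days: int, now: float) -> str:
    """Token for a share URL: base64(payload) + '.' + base64(HMAC)."""
    payload = f"{post_id}|{recipient}|{int(now + ttl_days * 86400)}".encode()
    return b64e(payload) + "." + b64e(hmac.new(SERVER_KEY, payload, hashlib.sha256).digest())

def check_link(token: str, answer: str, answers: dict, now: float):
    """Return the post id if the link is authentic, unexpired and the answer matches."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, sig = b64d(payload_b64), b64d(sig_b64)
    except ValueError:  # wrong shape or bad base64
        return None
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None  # forged or edited link
    post_id, recipient, expires = payload.decode().split("|")  # trusted after the MAC check
    if now > int(expires):
        return None  # link has expired
    salt, digest = answers.get(recipient, (b"", b""))
    if not digest or not hmac.compare_digest(answer_digest(answer, salt), digest):
        return None  # a forwarded link fails here without the recipient's answer
    return post_id

if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample data
    answers = {"grandma": (salt, answer_digest("Ethel", salt))}
    token = make_link("post-42", "grandma", ttl_days=7, now=time.time())
    print(check_link(token, "ethel", answers, time.time()))  # right answer
    print(check_link(token, "Mabel", answers, time.time()))  # wrong answer
```

Because the answer is guessable, a deployment of this scheme also needs a cap on failed attempts per token, which the example leaves out.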