[domdelimar]

Considering the price of an SMS (which also differs from place to place), why does the temporary password have to arrive by SMS? Why not by email, since user's already online, obviously?

But given the novelty of this approach (although I'm pretty sure I read about it somewhere already, I don't know of any real-world implementation), it should definitely be used alongside optional passwords, for those who want that. At least until the rest of the web catches on...

[domdelimar]

Ok, if there's a concern about still having to use some password for the email account, maybe the right way to go would be to build apps for all platforms. It would be like the Google's two-way authentication, only simpler? Am I missing something? I'm missing something crucial, aren't I? ;)

[EdiBudimilic]

No you're not, that's it! App would solve the SMS problem due to costs but all should be optional like: password login, sms temp password, email direct login link. It seems like it's different and maybe a bit harder to code, but it's not rocket science. :)

[domdelimar]

Yeah, it's not rocket science, obviously. It's computer science. :P

The way I see it, email is the simplest and cheapest way. Although I wouldn't like average Joe to casually login to their email account on public machines.

But then, chances are the email provider will have 2-way authentication, so it would be a bit more work to get to the account every time on a new, public machine, but I guess that wouldn't be that often and would be preferred to the current way of doing the same thing.

SMS creates cost which some sites couldn't bear and the app route creates greater cost of implementation (to be a true replacement - or should I say truly disruptive ;) - it would have to be cross-platform, IMHO).