by Pxtl 4440 days ago
Honestly, I just wish I could elect one-factor non-password login on such rarely used sites. Just put a button next to the username box "login by email" and use my email address as my username. So I type in pxtl@myemailhost.ca and then click that button, get a link in my email to auth the session cookie, and I'm in. Hard implementation detail would be polling the server from the browser window to find out when I've authed the session from email, since I might want to auth from my phone.

Password reset without the password. If my email account is compromised then everything is screwed, but with password-reset emails that was already true.

Of course, this is potentially vulnerable to abuse... but again, password-reset emails have the same problem.
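
The flow described in the comment above, sketched as an added example that is not part of the original comment: the browser gets a pending session ID, the emailed link carries a separate single-use token, and the browser polls until the link has been opened on any device. The class and method names, the in-memory dictionaries, and the `TOKEN_TTL` and `MIN_RESEND` values are assumptions; sending the mail is left out.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 600   # seconds a mailed link stays valid (assumed value)
MIN_RESEND = 60   # minimum gap between mails to one address (assumed value)

class MagicLinkLogin:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}    # sha256(link token) -> (session_id, expiry)
        self.sessions = {}   # session_id -> {"email": ..., "authed": bool}
        self.last_sent = {}  # email -> time the last link was mailed

    def request_login(self, email):
        """Browser submits an address. Returns (session_id, link_token):
        session_id goes into the browser cookie, link_token only into the mail."""
        now = self.clock()
        last = self.last_sent.get(email)
        if last is not None and now - last < MIN_RESEND:
            return None  # throttled, so the form cannot flood an inbox
        self.last_sent[email] = now
        session_id = secrets.token_urlsafe(32)
        link_token = secrets.token_urlsafe(32)
        # Store only a digest, so a leaked table does not yield usable links.
        digest = hashlib.sha256(link_token.encode()).hexdigest()
        self.pending[digest] = (session_id, now + TOKEN_TTL)
        self.sessions[session_id] = {"email": email, "authed": False}
        return session_id, link_token

    def confirm(self, link_token):
        """Link opened on any device. The token is removed first: single use."""
        digest = hashlib.sha256(link_token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)
        if entry is None:
            return False
        session_id, expiry = entry
        if self.clock() > expiry:
            self.sessions.pop(session_id, None)  # expired: drop pending session
            return False
        self.sessions[session_id]["authed"] = True
        return True

    def poll(self, session_id):
        """Browser polls with its cookie value until the link has been used."""
        session = self.sessions.get(session_id)
        return bool(session and session["authed"])
```

Because opening the link approves whichever browser started the request, the confirmation page should show the user what they are approving before marking the session as authenticated.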