WingNews logo WingNews GitHub [2]
top | item 7895227

Ask HN: Any obvious disadvantages to password-less, email-only login?

5 points| spurofthemoment | 11 years ago | reply

An idea suggested several times here on HN is the idea of password-less logins: You enter your email address and receive an email with a unique link (valid for an hour or so) which, when clicked, will log you in and allow you to stay logged in for e.g. two months.

This would not work for really sensitive stuff (e.g. banking) where you need to log in each time you visit the site, but for normal sites it's really user-friendly.

My question is: Are the any disadvantages to this model? The only one I can think of is the situation where you've deleted your old email address and some time after that have to log in to a website that uses password-less login. But that is probably a rare occurance and could be fixed by contacting support.

9 comments

order
[+] chewxy|11 years ago|reply
Check out Fork the Cookbook[0], which uses such a thing. The main complaint (about 10 each week) is that people expect to have only one password. It's not really as user friendly as you think

[0]: http://forkthecookbook.com

[+] spurofthemoment|11 years ago|reply
people expect to have only one password

Fork the Cookbook emails the user a password, but that's not what I'm suggesting. What I'm suggesting is completely password-less: You receive a link like http://example.com/log-in/0039392030202 in your email and just click that to log in and stay logged in for e.g. two months.

[+] antonwinter|11 years ago|reply
we used this on a project. it works pretty well.

a few obvious, but ok issues are.

1) if the person uses a computer where they dont have access to their email its a problem

2) the person forwards the link to others to use

3) sometimes emails get delayed

lastly a less obvious issue

4) people expect to use username/password, which means most of the users we had, had to be educated on how to log in. even when it clearly said what they had to do.

[+] gdewilde|11 years ago|reply
check out Persona https://login.persona.org
[+] spurofthemoment|11 years ago|reply
Persona is a no-go for me - I just don't believe that it will ever take off now that Mozilla has put it in maintenance mode. Mozilla has vowed to keep the servers up, but other than that they don't seem to be doing anything to further Persona's mainstream adoption.
[+] Mz|11 years ago|reply
If you use multiple different computers, especially public computers, you won't stay logged in for two months (or whatever). This is not necessarily a big deal assuming you don't have a problem with them logging in over and over and over. It won't necessarily be that big of a convenience to such a person and might make them very self conscious of their lifestyle difference (for example, they are poor and only log in on public library terminals which have a time limit -- your assumptions about computer usage are kind of upper class) especially if, for some reason, you decide that their difference in usage makes them "suspicious" (a common occurrence for the underclass) and begin making life more difficult for them simply because their usage differs from the scenario you expected.