23rd March 2025
No More Passwords
Every so often, I'm reminded of a great technology which hasn't seen wider adoption. Today, that was websites without passwords. Instead of making the user input a password, you send them a one time code to their email address and store a secure password in their browser as a cookie. Never again will users employ insecure passwords. Though it's important you send a code which only works for the user's specific session to prevent the email from being evesdropped. Though it would be nice if the browser added an API for sensitive cookie data, that way the user could also specify a global password for all login tokens stored on their computer.