Medium.com came up with a simple yet ingenious way to get rid of passwords. From their blog:
When you want to sign in to Medium, we’ll send you an email that contains a special sign in link. Clicking on that link will sign you in. That’s all there is to it. If you’ve ever used a “forgot password” feature, it works a lot like that, except you don’t have to forget a password to use it.
Wow. Why didn’t anyone else think of that? Is it secure? Actually, yes. It’s more secure than having just a single password:
It sounds counterintuitive, but this is actually more secure than a password-based system. On most services, if someone guesses or cracks your password, they gain access to your account until you change your password, which might not be for a long time. You might never know that they have access. With this email-only system:
- You’re automatically notified when someone tries to sign in.
- The sign in link expires after a short amount of time.
- The sign in link can only be used once.
With no passwords to store, there’s nothing to hack. It’s just your email. I wouldn’t want this system in place for my bank, though. 2-Factor Authentication is still better for such important accounts.
Still, this is great, except you can only use Medium.com on a device on which you also have email access. As long as you don’t need to log in on something else, this should work fine. One less password to store in your password manager! Let’s hope Medium.com’s elimination of passwords catches on.
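The two properties quoted above, a link that expires and a link that works only once, come down to how the server stores and redeems the token inside the link. The sketch below is an added example, not Medium's code; the class name, the 15-minute lifetime and the in-memory dictionary are assumptions made for illustration.

```python
import hashlib
import secrets
import time

# Assumed lifetime; the quoted text only says "a short amount of time".
TOKEN_TTL_SECONDS = 15 * 60


class SignInLinks:
    """Hypothetical in-memory store of pending sign-in tokens."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be tested
        self._pending = {}       # sha256(token) -> (email, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, email):
        """Return a token to embed in the emailed link.

        Only the token's hash is kept, so a leaked copy of the store
        does not contain usable sign-in links.
        """
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        expires_at = self._clock() + TOKEN_TTL_SECONDS
        self._pending[self._digest(token)] = (email, expires_at)
        return token

    def redeem(self, token):
        """Return the email for a valid token, or None.

        pop() removes the entry on the first attempt, so a second click
        on the same link (or a replay by someone else) finds nothing.
        """
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None          # unknown token, or already used
        email, expires_at = entry
        if self._clock() > expires_at:
            return None          # link is too old
        return email


if __name__ == "__main__":
    links = SignInLinks()
    t = links.issue("reader@example.com")   # constructed sample address
    print(links.redeem(t))   # first click signs in
    print(links.redeem(t))   # second click is rejected
```

A production version would keep the pending entries in a database and make the delete-and-read step atomic there, so two simultaneous clicks cannot both succeed.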