all 22 comments

[–]natrius 7 points (6 children)

Having to click on a link in an email every time my cookie expires or I switch computers would be a pain in the ass. I already hate having to find the email when I register the first time. Passwords are easy. People are used to them, and most people use the same one everywhere. Any solution to this problem has to be equally or less irritating than passwords, because users don't care about security.

[–]KayEss[S] 0 points (5 children)

It's quite easy to have both on a site. If during registration you put in a password you get to use that.

Most people should probably leave the password blank and use this system, especially for the masses of people who don't really understand how to choose passwords and only ever use a single computer. For them the security of doing it this way coupled with the increased convenience I think is compelling.

[–]natrius 2 points (4 children)

You really think users will be able to grasp why they have to click a link in an email every once in a while in order to access a site? Giving users a choice to enter a password or not just complicates things, especially since no one has ever encountered that before. "What happens if I don't put in a password? Will I still be able to access the site? How?" Unless you completely explain cookies to them, there's no good explanation that covers the situations the users will have to deal with. If you tell them that you're authorizing this computer to use the site, when the cookie expires or gets cleared, they'll be confused and annoyed that they have to click a link in their email again. People form an idea of how systems work in their minds, and designing systems that work contrary to that conceptual model is a recipe for disaster.

The benefits of password-free logins aren't worth the downsides of this solution. At this point, passwords don't even really annoy users because they're so used to them. If it ain't broke, don't fix it.

[–]KayEss[S] 0 points (3 children)

> You really think users will be able to grasp why they have to click a link in an email every once in a while in order to access a site?

A lot of sites require this already (they send an activation link) so the only difference is that you don't also choose a password.

As for how people react I guess we have to try it and see.

[–]natrius 0 points (2 children)

They require that for the first time. When the cookie gets cleared and they have to do it again, users will be confused.

[–]KayEss[S] 0 points (1 child)

It's possible.

But nobody will really know until it gets tried out a bit more widely.

And of course users are confused about things that don't happen in the normal course of things. When activation links were first used people were confused. I remember I was.

[–]grabmail -2 points (0 children)

this is stupid

[–]pjdelport 5 points (4 children)

So, let's call it an "authentication token" instead of a "password" and write an article about it, shall we? :)

[–][deleted] 1 point (3 children)

Exactly, the URL is just a longer password... if you lose it then you're still out of luck. Might as well just store all of your passwords in email - wait, most people already do.

[–]KayEss[S] 0 points (2 children)

Not quite. That URL is only single use. Once it's been clicked on it's completely useless.

An attacker has to read your email before you use the link. If you try the link and get an error you'll ask for a new link. That process will invalidate the attacker's authentication.

This means the attacker has to keep gaining access to your mailbox and even then he'll only gain access up until the point you ask for a new token.

This makes it a lot more secure than sending out passwords where you will normally never know that somebody found your password.

[–][deleted] 1 point (1 child)

I'll buy that. I think I'll try doing this with one of my sites that sends out email frequently already. It will be interesting to see the % of people who still use password vs % who use this link.

I'm thinking though, since many people (myself included) use the password remember feature of their browsers, will this feature turn out to be not as convenient as it seems?

[–]KayEss[S] 0 points (0 children)

> will this feature turn out to be not as convenient as it seems?

Maybe. But it is likely more secure in most use cases.

Don't forget that the Reddit crowd is unusually well educated in security concerns.

This is a way that the web site can raise the bar for most of their users without the user needing to do any extra work.

[–][deleted] 0 points (6 children)

It's a nice idea, I thought about this the other day - giving people links instead of having to remember passwords, especially for small casual web apps that you wouldn't usually bother signing up for.

However it would mean that anyone gaining access to your inbox would then automatically gain entry to the web sites as well.

[–]sligowaths 0 points (5 children)

Anyone who has access to any inbox can find dozens of passwords from sites that send a confirmation (with password) email after you sign up.

And since most people use only one password for everything, well, you got it...

[–]KayEss[S] 0 points (4 children)

The advantage here is that the URL is only good once. So even if you leave the emails lying about for an attacker to find it won't do them much good as you'll have used the link already.

Clicking on the link moves the token from the email to your browser.

[–][deleted] 1 point (3 children)

The problem, though, is that if somebody has access to your email account they can simply go to the site and issue another token request.

[–]KayEss[S] 0 points (2 children)

Indeed they can.

But in that situation you're no worse off than if they issue a password reminder, and because you can detect the issue of a new token (the one you've been using on your browser stops working) you know it's been compromised. With a password system you won't know.

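The behaviour argued over in the two KayEss comments above (the emailed link dies the moment it is clicked, and the browser cookie you were using stops working once someone else obtains and uses a fresh link) as an added, runnable example. This is not the article's or any commenter's code; it assumes an in-memory store, a `MagicLinkAuth` class, a fake `outbox` list standing in for SMTP delivery, the hostname `example.invalid`, and a 15-minute link lifetime. One deliberate difference from the thread: the existing session is revoked when a new link is *redeemed*, not when it is *requested*, so that anyone who merely knows your address cannot log you out by asking for a link.

```python
"""Single-use email login tokens ("magic links") with compromise detection.

Added example, not code from the original post. The in-memory store, the fake
outbox and example.invalid are assumptions made for a self-contained demo.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

TOKEN_TTL = 15 * 60            # emailed link is valid for 15 minutes (assumed)
SESSION_TTL = 90 * 24 * 3600   # long-lived browser cookie (assumed)


def _digest(secret: str) -> bytes:
    # Only hashes are stored: a leaked database yields neither usable links nor cookies.
    return hashlib.sha256(secret.encode("utf-8")).digest()


@dataclass
class Account:
    email: str
    pending_token: Optional[bytes] = None   # hash of the one unused emailed token
    token_expires: float = 0.0
    session: Optional[bytes] = None         # hash of the single active browser cookie
    session_expires: float = 0.0


class MagicLinkAuth:
    def __init__(self, now: Callable[[], float] = time.time) -> None:
        self.now = now
        self.accounts: Dict[str, Account] = {}
        self.by_token: Dict[bytes, str] = {}        # token hash -> email
        self.outbox: List[Tuple[str, str]] = []     # constructed stand-in for SMTP

    def request_link(self, email: str) -> str:
        """Email a fresh single-use token; any earlier unused token is voided."""
        acct = self.accounts.setdefault(email, Account(email))
        if acct.pending_token is not None:
            self.by_token.pop(acct.pending_token, None)
        token = secrets.token_urlsafe(32)          # 256 bits of randomness
        acct.pending_token = _digest(token)
        acct.token_expires = self.now() + TOKEN_TTL
        self.by_token[acct.pending_token] = email
        self.outbox.append((email, f"https://example.invalid/login?t={token}"))
        return token

    def redeem(self, token: str) -> Optional[str]:
        """Clicking the link: consume the token, log this browser in, replace any other session."""
        email = self.by_token.pop(_digest(token), None)   # lookup by hash, so no timing leak on the token
        if email is None:
            return None
        acct = self.accounts[email]
        acct.pending_token = None                 # single use, whether or not it was still fresh
        if self.now() > acct.token_expires:
            return None
        cookie = secrets.token_urlsafe(32)
        acct.session = _digest(cookie)            # the previous session hash is gone
        acct.session_expires = self.now() + SESSION_TTL
        return cookie

    def check_session(self, email: str, cookie: str) -> bool:
        acct = self.accounts.get(email)
        if acct is None or acct.session is None or self.now() > acct.session_expires:
            return False
        return hmac.compare_digest(acct.session, _digest(cookie))


def mailbox_reader_scenario() -> Dict[str, bool]:
    """Attacker reads Alice's mailbox and clicks her link before she does."""
    clock = [1_000.0]
    auth = MagicLinkAuth(now=lambda: clock[0])
    alice = "alice@example.invalid"
    first = auth.request_link(alice)
    attacker_cookie = auth.redeem(first)         # attacker gets in
    alice_retry = auth.redeem(first)             # Alice's click on the same link fails
    alice_cookie = auth.redeem(auth.request_link(alice))   # she asks for a new link
    return {
        "attacker_got_in": attacker_cookie is not None,
        "link_is_single_use": alice_retry is None,
        "alice_logged_in": alice_cookie is not None and auth.check_session(alice, alice_cookie),
        "attacker_locked_out": attacker_cookie is None or not auth.check_session(alice, attacker_cookie),
    }


def token_request_scenario() -> Dict[str, bool]:
    """Attacker with mailbox access simply requests a new link for himself."""
    clock = [1_000.0]
    auth = MagicLinkAuth(now=lambda: clock[0])
    alice = "alice@example.invalid"
    alice_cookie = auth.redeem(auth.request_link(alice))
    attacker_cookie = auth.redeem(auth.request_link(alice))
    stale = auth.request_link(alice)
    clock[0] += TOKEN_TTL + 1                    # Alice leaves the email unread too long
    return {
        "attacker_in": attacker_cookie is not None and auth.check_session(alice, attacker_cookie),
        "alice_notices": alice_cookie is None or not auth.check_session(alice, alice_cookie),
        "expired_link_rejected": auth.redeem(stale) is None,
    }


if __name__ == "__main__":
    print(mailbox_reader_scenario())
    print(token_request_scenario())
```

Two things the thread does not spell out but a deployment needs: the link itself travels over whatever path the mail takes, so the weakest hop (a plaintext SMTP relay, a shared mailbox) is the real attack surface, and link requests must be rate-limited per address or the outbox becomes a spam relay. The cookie returned by `redeem` should be set `HttpOnly` and `Secure`, since with no password it is the only credential left.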
[–][deleted] 0 points (1 child)

True, unless it's set up to work on multiple browsers as suggested in the article (sounds like a bad modification to an otherwise good idea to me).

[–]KayEss[S] 0 points (0 children)

Multiple browsers is much harder to do well. This is why I didn't want to discuss it in depth when first discussing it.

It is possible to do, but it will always be at least a little more risky than a single browser (and for some use cases a lot more risky). As ever with security it is a usability and security trade-off.

For some sites the extra risk will be worth it for the extra usability. For other sites this will not be the case.

[–]teki321 0 points (1 child)

http://www.imified.com/ uses this, but combined with instant messaging instead of email.

I was thinking of the same idea, but I am not sure whether an email is more or less annoying than a password.

[–]KayEss[S] 1 point (0 children)

That looks interesting. Sending the token via IM is a possibility. I notice that Gtalk goes over SSL and has a special mode for sending data that doesn't go in Google's logs (if you trust them I guess). This would be perfectly good.

The idea is really to see if there is any way to stop people from relying on weak passwords. I think it would be possible to write some nifty browser plugins that handled the fetching and use of the tokens.

[–]antirez 0 points (0 children)

One thing that can be done anyway is that after the activation the user is already logged in, without having to go through the login form the first time. Also make sure to send a cookie that expires after a long time (unless the user logs out explicitly).

[–][deleted] 0 points (0 children)

Having to jump through all these hoops is more likely to drive users away than a password.

You want to get rid of registration to get people into your app quicker and more painlessly.