Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I have wondered if some web pages effectively have this as the main log in method. If you have a hurricane tracking page, everyone is going to forget their passwords in between hurricane seasons.


Steam has nearly done this for me.

Oh, it has a password. But if I remember my password I have to check my email and copy and paste a code from there. And if I forget my password I have to... check my email and copy and paste a code from there... really not much point to the password.


Bulb energy supplier in the UK trialled this - they soon switched due to complaints although I didn't really mind it.

Assume it was due to the inconvenience of not being able to remember password/stay signed in.


Yahoo Japan (not really related to the defunct original Yahoo and still very successful in Japan) recently abolished passwords for new accounts.

You can only login with reset emails or SMS codes, which is pretty annoying.


I wondered about this too and asked about it on the security stackexchange forum in case I was overlooking some glaringly obvious reason not to. Turns out that most thought it was reasonable too, though maybe too frustrating for some.

https://security.stackexchange.com/q/12828/8518


I've seen Blendle and a couple of other web sites do this.

You go to the login page, and your choices are federated login, standard login, or a one-time login e-mail.


medium.com is famous for email OTP authentication. They even blogged about it (search hacker news for more information)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: