Recently, I tweeted this:
At this point, “forgot password” might as well be the actual login button.
— Jordyn Bonds (@skybondsor) February 25, 2013
It prompted a discussion with my super-colleague, Mark, about why no one has implemented that as an authentication process yet. Consider a process like this (I’ve bolded steps that the user would actually see):
- User enters email address, clicks LOGIN.
- User is prompted to close their browser tab or window, then go check their email.
- Cookie is set on user’s browser.
- User clicks time-sensitive, encrypted link in the email which opens a new tab or window.
- Cookie and link are required to actually be logged in.
- User is logged in.
- Server is flushed and encryption algorithm changes.
Four steps. No passwords.
So, what is the flaw in this process? How is it not both as quick as, and at least as safe as (if not safer than), the existing authentication paradigm of creating a new password every time you go through the forgot-password flow?
Just to be thorough:
- What if I type in the wrong email address? That would send an email to an account you don’t have access to and would thus prevent you from signing in as that account-holder.
- What if my email gets hacked? First of all, the links in these emails are active for a brief window of time, say 30 minutes at the very most. Second, if your email has been hacked you are already screwed because the hacker can reset your password to every account in the current paradigm anyway.
- What if your server gets hacked? Again, the generated URL is valid for a very short time and is then completely erased from the server. Also, logging in requires not just that URL, but also the presence of a cookie on the same machine. Further, the algorithm changes constantly. Thus, it would have to be an inside job performed in under a minute, just to gain access to a single login. Not a very economical way to make a living.
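To make the flow above and the three "what if" cases concrete, here is an added example of the server-side state such a login would need. It is illustration code written for this post, not anything the author or any real site ships. It follows the seven-step list: a random cookie is set on the browser, a separate random link token is emailed, and login requires both, within a 30-minute window, exactly once. Where the post says "server is flushed and encryption algorithm changes", the example substitutes a more conventional hardening: the server stores only a SHA-256 hash of the link token and deletes the record on use or expiry, so a copy of the server's memory (the "server gets hacked" case) does not yield a usable link. The class name, method names and the injectable clock are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

# The post's upper bound: links live "30 minutes at the very most".
TOKEN_TTL_SECONDS = 30 * 60


def hash_token(token: str) -> str:
    """Fingerprint of a link token; the server keeps only this, never the token."""
    return hashlib.sha256(token.encode()).hexdigest()


class MagicLinkServer:
    """Toy server side of a password-less, email-link login (example code)."""

    def __init__(self, clock=time.time):
        self.clock = clock  # injectable so expiry can be exercised offline
        # token hash -> (email, cookie_id, expires_at); the clear token is never stored
        self.pending = {}
        # session id -> email, populated only after a successful redemption
        self.sessions = {}

    def request_login(self, email: str):
        """Steps 1-4: user submits an email; server sets a cookie and emails a link.

        Returns (cookie_value, link_token). In a real deployment the cookie goes
        back in the HTTP response and the token goes into the emailed URL;
        here both are returned so the flow can be driven in one process.
        """
        cookie_id = secrets.token_urlsafe(32)
        token = secrets.token_urlsafe(32)
        expires_at = self.clock() + TOKEN_TTL_SECONDS
        self.pending[hash_token(token)] = (email, cookie_id, expires_at)
        return cookie_id, token

    def redeem(self, presented_cookie: str, token: str):
        """Steps 5-7: the link is clicked. Requires the matching cookie AND an
        unexpired, unused token. Returns a session id, or None on any failure."""
        key = hash_token(token)
        record = self.pending.get(key)
        if record is None:
            return None  # unknown, already used, or already purged
        email, cookie_id, expires_at = record
        if self.clock() > expires_at:
            del self.pending[key]  # stale link: erase it, as the post requires
            return None
        # A leaked link alone (the "email gets hacked" case) is not enough:
        # the browser that started the login must present its cookie.
        if not hmac.compare_digest(cookie_id, presented_cookie):
            return None
        # Single use: the record is gone the moment a login succeeds.
        del self.pending[key]
        session_id = secrets.token_urlsafe(32)
        self.sessions[session_id] = email
        return session_id

    def purge_expired(self) -> int:
        """Background sweep so expired links do not linger; returns count removed."""
        now = self.clock()
        stale = [k for k, (_, _, exp) in self.pending.items() if exp <= now]
        for k in stale:
            del self.pending[k]
        return len(stale)


if __name__ == "__main__":
    srv = MagicLinkServer()
    cookie, token = srv.request_login("alice@example.com")  # constructed address
    print("link token stored in clear?", token in str(srv.pending))
    print("wrong browser:", srv.redeem("some-other-cookie", token))
    print("right browser:", srv.redeem(cookie, token) is not None)
    print("replayed link:", srv.redeem(cookie, token))
```

Two points worth noticing when running it: a stolen link presented from a browser without the cookie fails without consuming the link, so an attacker cannot even lock the real user out of that attempt; and because only the hash is stored, nothing in the server's pending table can be turned back into a clickable URL.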
Help me find the flaw in this because, for the life of me, I can’t figure out why every website doesn’t already work this way, saving us all from the utter farce of passwords.
And more on why we need SOMETHING other than the current password system: 30 years of failure: the username/password combination