
In the era of cloud services, if it's not on your hard drive you could ultimately lose access to it at any time. People tend to think about reasons like companies shutting down services, getting acquired, etc. but this brings up an entirely new class of ways you could lose access to your cloud info: Locking yourself out. Maybe you forgot the password, your password manager had a bug, or the account was with an old school or work email you no longer have access to. This may seem silly but as a dev I forget my passwords for things all the time. Imagine how this kind of technological shift impacts a non-technical person.


I worked for a large B2C website.

Many users used the password recovery flow essentially as their login mechanism.

Seriously.


Some companies understood and embraced this: Slack and Auth0 can send you "login links" via email which log you right in.

Remove that pesky "password" from the entire "password reset" flow. Makes perfect sense (meaning: there are clearly users making use of it).


We did the same after realizing what was going on.


What's surprising about that? It's the easiest way to deal with a system where you need to log in occasionally.


So why not take advantage of that... instead of passwords just email the user a link they need to press to log in.


That is a great idea. For many people that would be quicker and a nicer workflow.



