Token-based authentication middleware for Express & Node.js. Passwords are broken. Inspired by Justin Balthrop's article Passwords are Obsolete token-based one-time password (OTPW) authentication is faster to deploy, better for your users, and more secure.
Few issues with this that I've already noticed, it's not better for users in any way. I was excited to see what Mozilla could come up with here, but, it doesn't solve any situation. For those that don't understand how it works, imagine you've forgotten your password, and you reset the password by entering your email address, you then receive an email with a unique token which takes you to reset it. Well it's that, but you don't set a new password, you're just logged in. Which, while easier than resetting your password, means that, to log into a website, you need to go to that site, enter an email address, go to your email (or other method, discussed shortly) and click the link which takes you back to the other site. This isn't in anyway easier.
Now they say that you can incorporate other methods for sending the token, SMS for example, but this is worse, why would you log in on a computer, then get the token on your phone, you then have to type out a stupidly long token back into your browser, or become forced to login on your phone.
I don't see what this solves.