Here’s a shockingly-common login process I witness, Get to a login page, Click “I forgot my password”, Go to their email, Click the recovery link, Type a throwaway password they won’t retain, Rinse, and repeat
-
Ryan Castellucci :nonbinary_flag: wrote
Here’s a shockingly-common login process I witness, Get to a login page, Click “I forgot my password”, Go to their email, Click the recovery link, Type a throwaway password they won’t retain, Rinse, and repeat
The author ponders why, though I am not of the group this is typically asked of.
I do sometimes do this with sites I use extremely infrequently, especially ones which I am not sure I'll use again.
Passwords are a bad authentication method, and some sites aren't worth the time to put an entry in my password manager.
I wouldn't have even made that account unless I'd been forced to.
-
Adam Shostack :donor: :rebelverified: replied to Ryan Castellucci :nonbinary_flag:
@ryanc I don't do this because of the 30-60 second lag to get the email, plus all the shiny distractions in my email, but, yeah, it's not stupid.
-
SolTwoOne replied to Ryan Castellucci :nonbinary_flag:
@ryanc I've seen a couple websites lean into this and offer to send a code or link to your email to log in instead of requiring you to remember a password.
-
Ryan Castellucci :nonbinary_flag: replied to SolTwoOne
@SolTwoOne 404 Media does "click a link in your email" exclusively, though I was recently annoyed by it because you have to open the email on the same device as the one you want to log in on, and I wanted to log in on my work computer.
-
Paperisiili replied to Ryan Castellucci :nonbinary_flag:
@ryanc It's really interesting that some new websites are opting to forgo passwords and use email only for authentication.
Every time you want to log in, they send you a link or a code. That's it. Only email required to get in.
I kinda like it because I dislike password managers and identity providers, but I have a nagging feeling that I'm being unsafe.
-
Ryan Castellucci :nonbinary_flag: replied to Paperisiili
@paperisiili If you can password reset with just a link emailed to you, then it's already protected with the weaker of either access to email or the password, so this seems fine to me.