I dream of the day all logins are just simple tokens. Either sent through email, or SMS. So sick of passwords. I've used other Passwordless libraries on a few projects, and it's almost cathartic.
The problem with that is that it breaks a user's flow too much :/ It's a good fallback, and it has many benefits, but having to switch contexts to the mail client and wait for an email is too cumbersome for the user (although it's not too bad when paired with a long-lived session).
That's why Portier supports other auth providers, so you can have the best of both worlds.
>The problem with that is that it breaks a user's flow too much :/
Unironically and without rancor, would you say it breaks a users flow more or less than having to go fire up their password manager and find the service from dozens of entries?
The number of services we use daily is increasing, and they just keep getting hacked. The idea of actually memorizing your password is rapidly becoming impractical. Most people these days who understand password security have either developed a personal algorithm for deriving passwords, or use a password manager for literally everything.
I'm super glad someone has done this, because it means I don't have to get off my arse and do it, and lord knows I love laziness.
Generally speaking, for websites that I log into less than once a month, I reset my password every time I log into them, and set it to a random and long keyboard smashing every time I do so. This is the same workflow, but without having to use notepad to stage the new "password" for entry into the confirmation field.
> more or less than having to go fire up their password manager and find the service from dozens of entries?
Definitely more. All good password managers are so well integrated that the username and password are pre-filled in most sites noawadays.
> Most people these days who understand password security have either developed a personal algorithm for deriving passwords, or use a password manager for literally everything.
Yep, passwords suck.
> This is the same workflow, but without having to use notepad to stage the new "password" for entry into the confirmation field.
Agreed on both counts. Given the imminent Persona shutdown, and until I can move it to Portier, I've implemented it on Pastery as a stopgap: https://www.pastery.net/login/
I think it works quite well (the session lasts until you log out).
Here in China more and more logins are using "scan this QR code with your phone". I think this kind of makes sense for places where you really want to login, and it is very convenient.
