I don't think that passwords are needed at all. The reason they exist is to verify that you are you. There are better ways of doing it. But I have yet to see a good solution.
The problem the password solves is that you say once that you're you and then again you verify that you're you.
I think that a 2FA solution where the 2nd A is the only A is the way to go. But it needs to be way better automated so it has better UX.
I was once thinking about a Personal OAuth solution, where the user's browser acts as an OAuth provider that can verify that she is she. Or something like LastPass, but one that will allow you to register to the service, not only store passwords.
All those password managers are just a patch/hack on a broken system with passwords. It would be easier to just remove all passwords and start a better way of user authentication.
Solving the password problem is a great way to start a new startup around the idea. Having an app on a phone that acts as OAuth with single-button sign-in, like with a physical token, would be a really great idea for a startup that will get rid of passwords. Since with 2FA you actually don't need that 1st step with a password. The app will only work similar to LastPass, a physical token and an authenticator app.
The flow can work like this:
1. You log in on a website with email or username only
2. A request is sent to the service
3. A popup shows up on your phone (that can be restricted with a PIN, like a bank mobile app, if someone wants better security)
4. The user taps the button
5. The service authenticates the user on the site
To register:
1. You type a username and a QR code shows up on the screen
2. You scan the code with the app
And you only need one password for the Service. This can be called 2ndFA: Second Factor Authentication.
The normal process of registration with password and email will only happen with the Service.
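
The login and registration flow from the comment above, as an added example that is not part of the original comment. The comment names no cryptography, so the shared key carried by the QR code, the HMAC-SHA256 approval tag, and the names `ApprovalService` and `approve` are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

def approve(device_key, nonce, site):
    """Phone side: runs only after the user taps the button for `site`."""
    return hmac.new(device_key, nonce + site.encode(), hashlib.sha256).digest()

class ApprovalService:
    """Hypothetical 'Service' from the comment, kept in memory."""

    def __init__(self, ttl=60):
        self.device_keys = {}  # username -> key the app received via the QR code
        self.pending = {}      # challenge id -> (username, nonce, site, expiry)
        self.ttl = ttl

    def register(self, username):
        # Registration: this key is what the QR code would carry to the app.
        key = secrets.token_bytes(32)
        self.device_keys[username] = key
        return key

    def start_login(self, username, site, now=None):
        # Login steps 1-3: the site sends the username, the phone gets a popup.
        if username not in self.device_keys:
            return None
        now = time.time() if now is None else now
        cid, nonce = secrets.token_hex(8), secrets.token_bytes(16)
        self.pending[cid] = (username, nonce, site, now + self.ttl)
        return cid, nonce

    def finish_login(self, cid, tag, now=None):
        # Login step 5: accept one fresh, correctly keyed approval per challenge.
        now = time.time() if now is None else now
        entry = self.pending.pop(cid, None)  # single use, so replays fail
        if entry is None:
            return None
        username, nonce, site, expiry = entry
        if now > expiry:
            return None
        expected = approve(self.device_keys[username], nonce, site)
        return username if hmac.compare_digest(expected, tag) else None
```

Because anyone who knows a username can trigger the popup, the approval is bound to the site name and expires after `ttl` seconds, so a tap for one site cannot be reused for another or replayed later.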