DEV Community

Discussion on: Maybe Passwords are the Future

Jakub T. Jankiewicz • Edited

I don't think that passwords are needed at all. The reason they exist is to verify that you are you. There are better ways of doing it. But I have yet to see a good solution.

The problem that passwords solve is that you say once that you're you and then again you verify that you're you.

I think that a 2FA solution where the 2nd A is the only A is the way to go. But it needs to be way better automated so it has better UX.

I was once thinking about a Personal OAuth solution, where the user's browser acts as an OAuth provider that can verify that she is she. Or something like LastPass, but that will allow registering with the service, not only storing passwords.

All those password managers are just a patch/hack on a broken system with passwords. It would be easier to just remove all passwords and start a better way of user authentication.

Solving the password problem is a great way to start a new startup around the idea. Having an app on a phone that acts as OAuth with single-button sign-in, like with a physical token, would be a really great idea for a startup that will get rid of passwords. Since with 2FA you actually don't need that 1st step with a password. The app will only work similar to LastPass, a physical token and an Authenticator App.

The flow can work like this:

  • You log in on a website with email or username only
  • Request is sent to the service
  • Popup shows up on your phone (that can be restricted with a PIN, like a bank mobile app, if someone wants better security)
  • User taps the button
  • Service authenticates the user on the site

To register:

  • You type a username and a QR code shows up on the screen
  • You scan the code with the app

And you only need one password for the Service. This can be called 2ndFA, Second Factor Authentication.

The normal process of registration with password and email will only happen with The Service.
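
The login and registration flow from the comment above, as an added sketch that is not part of the original comment or of any real service. It assumes the QR code carries a per-device secret and that the tap is sent as an HMAC over a one-time, short-lived challenge bound to the site name; `Service`, `approval_tag` and the 60-second lifetime are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 60  # seconds a login request stays approvable (assumed value)


class Service:
    """Hypothetical 'Service' that brokers logins between a site and a phone app."""

    def __init__(self):
        self.device_keys = {}   # username -> secret shared with the phone app
        self.pending = {}       # challenge -> (username, site, expiry)

    def register(self, username):
        # Registration: the returned secret is what the QR code would carry.
        key = secrets.token_bytes(32)
        self.device_keys[username] = key
        return key

    def start_login(self, username, site, now=None):
        # Steps 1-2: the site forwards only a username; no password is involved.
        if username not in self.device_keys:
            raise KeyError("unknown user")
        now = time.time() if now is None else now
        challenge = secrets.token_hex(16)
        self.pending[challenge] = (username, site, now + CHALLENGE_TTL)
        return challenge

    def finish_login(self, challenge, tag, now=None):
        # Step 5: accept the tap only once, only in time, only with a valid tag.
        entry = self.pending.pop(challenge, None)   # pop => single use
        if entry is None:
            return False
        username, site, expiry = entry
        now = time.time() if now is None else now
        if now > expiry:
            return False
        expected = approval_tag(self.device_keys[username], challenge, site)
        return hmac.compare_digest(expected, tag)


def approval_tag(key, challenge, site):
    # Steps 3-4: what the phone app sends when the user taps "approve".
    # Binding the site name lets the popup show which site is asking and
    # stops an approval for one site being reused for another.
    msg = f"{site}|{challenge}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()
```

With the password removed, the single-use challenge, its expiry and the site binding are what keep a captured or misdirected approval from being accepted.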