Antonio
[Dev Discussion] Passwordless login?

Hello guys! Just a question that popped out of my mind. If hackers usually target email/passwords that would grant them access to a specific service, why not use email + a short-lived credential like an OTP (e.g., the ones generated by an authenticator app)? Wouldn't that be far more secure since the window of attack is considerably reduced? I know that probably that would suck from a usability point of view.

rhymes

Notion does this, they send you an OTP via email.

The issue with that is that if your email is ever compromised, Notion will be too.

I'd rather have a password and 2FA or as DEV does, delegate security to an OAuth provider.

Vicente G. Reyes

Dev does this with Twitter and GitHub which makes it easier for devs to not think about a password.

Antonio

Yes I know that, and indeed it sounds amazing. But then the matter is shifted onto GitHub and Twitter, which do require passwords.

Vicente G. Reyes

I agree. But there will still be a root to an account which requires a password, hence in my opinion it won't be possible.

Antonio

Why does it have to be like that? Why a password at all? Authenticator can offer a similar service.

Vicente G. Reyes

It all started in the Ancient Times where you should check this link on Wikipedia about it. lol

Yozen Hernandez

I've been eager to see places adopt SQRL. It looks pretty cool and is designed to solve this kind of problem.

Antonio

This sounds dope!