360M Reasons to Destroy All Passwords

The argument for passwordless authentication reminds me of crash-only programs. Basically, if you have two modes of operation, a normal mode and a recovery mode, then why not just use the recovery mode for everything?<p>The next step, which a lot of skeptics don&#x27;t take the time to think about, is that you can easily combine multiple channels when doing passwordless authentication.<p>So, one-factor is to send a magic link to your inbox. A second factor would be to also send a link to your phone. a third factor would be to also send a link to a friend&#x27;s phone. That would prove that it&#x27;s your inbox, your phone, and that you trust that friend. You&#x27;re adding entropy by adding channels instead of characters.<p>Even if someone managed to use technology to stand in for your inbox and your phone, and took over your account. You could still recover it by having your friend vouch for you, because that&#x27;s a whole &#x27;nother layer of complexity the attacker would have to overcome to convince your friend not to trust you.

The proposed solution of email auth seems slightly more inconvenient than having a password though which may make it difficult to catch on. However once everyone sees the consequences of being hacked maybe they will agree to use it and see it become a standard.<p>The email could also include a one-use code so you could receive the email on your phone and use the code to log in on your friends computer, saving you from having to log in to your email on your friend&#x27;s computer.<p>An issue that springs to mind though is whether emails are a secure enough to trust with the power to login.