It would be worth talking more about the problem you are trying to solve. What do you want to authenticate to? What issues do you have with passwords?<p>That will probably help the community help you.
Just send your users a login link to their email.<p>If you go with passwords, you already have a risk vector for resetting passwords. Skip the password and the reset.<p>Make the login link expire after 10 minutes so they attackers only have a short window.
Steve Gibson invented something you may like: Simple Quick Reliable Login <a href="https://www.grc.com/sqrl/sqrl.htm" rel="nofollow">https://www.grc.com/sqrl/sqrl.htm</a>
Choose from some combination of:<p>* Something you know (memorizing a password, PIN, whatever)<p>* Something you are (biometrics)<p>* Something you have (2FA, passkeys, OTP keys)<p>I think all three have been done in various combinations, and each have their pros and cons. Of those, I personally find Passkeys to be the easiest to use, especially with password manager that can sync across devices.
i was thinking the user having an image act as a password/key.
---then locking the key to said devices only acting like 2FA
------voice login???
---------if the user is say from los angeles their passcode only works here
---passcode but with images interchanging passwords that the user can custom set.
-----having the user record their room with their face in it and a simple phrase loike banana' oranges' apples'.
Mynoise.net has logins that don’t require a password. I love it.<p>Who gives a shit if someone logs in as me on that site? And why would anyone bother?