{"id":670,"date":"2015-09-08T22:31:56","date_gmt":"2015-09-08T21:31:56","guid":{"rendered":"http:\/\/www.owlfish.com\/weblog\/?p=670"},"modified":"2015-09-08T22:31:56","modified_gmt":"2015-09-08T21:31:56","slug":"killing-passwords","status":"publish","type":"post","link":"https:\/\/www.owlfish.com\/weblog\/2015\/09\/killing-passwords\/","title":{"rendered":"Killing Passwords"},"content":{"rendered":"

Passwords on websites and in apps are the bane of internet usage.\u00a0 Much has been written (recently in TechCrunch – Kill The Password)<\/a> on how painful they are to generate and remember.\u00a0 Password managers help with the challenge, but are\u00a0 a cumbersome band aid.<\/p>\n

When building a website application, adding username and passwords is also painful, requiring extensive work to get working well and securely.\u00a0 So, what are the alternatives?\u00a0 There are some good ideas out there, but they tend to be complicated (OpenID Connect), or put large identity providers in a special position (Fido, OpenID Connect) or are centralized and cost money (e.g. Clef<\/a>).<\/p>\n

I think it’s possible to build a simple, distributed, secure authentication mechanism that allows users to login to sites without generating passwords.\u00a0 The vision is that a user can authenticate themselves easily:<\/p>\n