Authorization without login and without password

    There was an idea about how to get rid of the login and password during authorization. Now it is probably hard to find someone who does not use E-mail or IM. At the same time, clients of these services are able to remember the usernames and passwords of their accounts, which many use, especially on personal computers. So, the essence of the idea is this: to use a mechanism similar to that which is often used when resetting passwords on most sites when authorizing on Web resources.

    Simply send an e-mail (or an instant messenger) to the address / number of the same resource on which authorization is required (let it be, for example, an ICQ bot or an e-mail processor). Having found the addressee in its database, the server of this resource sends an HTTP link in response to it, when you click on it, authorization is performed. Link, of course, should be one-time.

    Moreover, when using the IMAP protocol for mail, everything would be very smart, not to mention ICQ and others like them.

    It would be very convenient for me, I do not enter my passwords for mail and ICQ, trusting this system. What do you think?

    UPD:This method can be used as an alternative to standard authorization methods, in no case do I urge to abandon OpenID.

    UPD2: By the way, just as it is implemented in systems with one-time passwords, it would be possible to do, at least optionally, that when entering (authorizing) or leaving the system, another ticket-link would be sent to the mailbox. In this case, for authorization it would be enough to accept mail and follow the link. And for convenience, configure the appropriate filter in the client application, which would transfer letters to special folders.

    Also popular now: