Hacker News

I had to read this article twice to make sure I was understanding it right. I honestly see zero benefit in this approach. It does not speed up the login process at all. The only thing it accomplishes is not requiring the user to remember a password. Additionally, it puts way too much power in the hands of random email servers. What if my email system at the office goes down for a few hours? Am I locked out of all websites too?

I do agree with his point that memorizing passwords can get cumbersome, especially with different sets of rules for different logins. However, the majority of people store their passwords in their everyday browser or just stay logged in indefinitely.

The real solution to "doing away with passwords" lies in recognition technology on devices. What if my keyboard could recognize my identity and pass that along to authorized sites as login credentials? What if my iPhone could do the same? I'll defer the argument of privacy in visiting sites where you don't want your identity revealed for another time.




You only get locked out of a website if you delete your cookies while your email provider is down. How often does that happen?

This idea doesn't speed up the login process, but it accomplishes a few other useful things. The server doesn't store passwords, so a breach of the server doesn't compromise other services for which users had duplicate passwords. And users can't compromise their own accounts by choosing weak passwords. Both scenarios are commonplace.


To be fair, the user can still compromise all their accounts by choosing a weak password for their email account. It does reduce the onus on them from coming up with dozens of (hopefully) unique, strong passwords to one, which is certainly an improvement.


Valid points, especially the security issues.



