Google has been trying to fix passwords for a while:
“Passwords are one of the worst things on the internet,” Mark Risher, Google’s senior director for account security, identity, and abuse told The Verge. Though they’re essential for security and to help people log in to many apps and websites, “they’re one of the primary, if not the primary, ways that people actually end up getting compromised.”
It’s a strange thing for a Google security executive to say because the last time you logged into Gmail, you probably typed in a password. But the company has been trying to nudge users away from the model for years, or at least minimize the damage. And in the coming weeks, one of Google’s quietest tools in that fight — the Password Checkup plugin — will be getting a higher profile, as it joins the Security Checkup dashboard built into every Google account.
Any time I work on any web project that requires accounts, I always think about whether it can be done without passwords. I wrote the user account system for this website (I’m the only one who has an account right now) and it started out with NO passwords at all.
Originally, logins to this website were only done by entering an email address. If the email matched an account in the system, it would send an email with a login link. Clicking on that link logged the user in and kept them logged in for a few days.
I eventually added a password field because waiting for the login email was annoying and I didn’t want to rely on a third-party email service. 🤷🏾‍♂️
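The email-link login described above, written out in Python as an added example (it is not the code behind this website). The class name, the `example.test` URL, the 15-minute link lifetime, the 3-day session, the hashed token storage and the single-use rule are all assumptions made for the example.

```python
import hashlib
import secrets
import time

LINK_TTL = 15 * 60            # assumed: a login link is valid for 15 minutes
SESSION_TTL = 3 * 24 * 3600   # assumed value for "a few days"
BASE_URL = "https://example.test/login"  # placeholder URL


class MagicLinkLogin:  # hypothetical name
    def __init__(self, accounts):
        self.accounts = {a.strip().lower() for a in accounts}
        self.pending = {}    # sha256(token) -> (email, link expiry)
        self.sessions = {}   # session id -> (email, session expiry)

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked table yields no usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def request_link(self, email, now=None):
        """Return the link to e-mail, or None when no account matches.
        The web response should look the same in both cases, so the
        form does not reveal which addresses have accounts."""
        now = time.time() if now is None else now
        email = email.strip().lower()
        if email not in self.accounts:
            return None
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self.pending[self._digest(token)] = (email, now + LINK_TTL)
        return f"{BASE_URL}?token={token}"

    def redeem(self, token, now=None):
        """Exchange a link token for a session id; None if invalid."""
        now = time.time() if now is None else now
        # pop() makes the token single use: a replayed link finds nothing.
        entry = self.pending.pop(self._digest(token), None)
        if entry is None or now > entry[1]:
            return None
        session_id = secrets.token_urlsafe(32)
        self.sessions[session_id] = (entry[0], now + SESSION_TTL)
        return session_id

    def session_user(self, session_id, now=None):
        """Return the logged-in email, or None once the session expires."""
        now = time.time() if now is None else now
        email, expires = self.sessions.get(session_id, (None, 0))
        return email if now <= expires else None
```

With this design the mailbox is the only credential, so the account is exactly as secure as the email account behind it.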