Hacker News

For example, asymmetric key pairs. Give sites a public key and auth by signing something with your private key. You can use the same key on as many sites as you want, but you can also use different keys for different sites. No need for a third party even.



This is, essentially, harder to remember passwords.

Probably more secure, provided you don't make a mistake. But also easier to mistake and then lock yourself out. Auditing is also harder, now


No it isn't, because unlike passwords you can reuse a key pair indefinitely without suffering any greater risk.

If we only ever had to remember a handful of passwords you would be right about them being easier, but we have hundreds of them which necessitates a password manager anyway which has all the same manageability problems of the asymmetric key pair without any of the benefits.

> Auditing is also harder, now

Care to elaborate?


You still have to remember what it is that you signed. Unless you are saying it is a challenge/response thing. In which case you have to know what public key they have.

And if it is challenge/response, you need to have different public keys, or a compromised private key is complete game over, just like a shared password.

Thinking on it more, I'm not sure why I think auditing is harder. It is hard regardless, but I don't think this makes it tougher. If you are reusing public keys on N sites, it is now N places to check for use per key. Though, you always had N places to audit. They could be independent without reuse, but still not easy.


> You still have to remember what it is that you signed. Unless you are saying it is a challenge/response thing. In which case you have to know what public key they have.

You say that like it is a problem? Like I said, you could easily and securely get away with a single private key, so there isn't really any guesswork here. Certainly remembering usernames for hundreds of sites would be worse.

And if you want a different key pair for your porn, you can do that and it is on you to remember which one to use, same as usernames and passwords.

> a compromised private key is complete game over

Yeah, just like a compromised password manager is. Can't really do much about that.
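The challenge/response flow debated above, as an added example written for this page and not by any of the commenters: the site stores only the user's public key, issues a one-time random nonce, and checks an Ed25519 signature over that nonce. Binding the signed message to the site name and consuming each nonce after one use are my assumptions, not something the thread specifies; the site names are constructed placeholders.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
)

// Site is the relying party: it holds registered public keys and the
// outstanding challenge for each user. Private keys never reach it.
type Site struct {
	Name       string
	Users      map[string]ed25519.PublicKey
	Challenges map[string][]byte // user -> nonce issued, consumed on first use
}

func NewSite(name string) *Site {
	return &Site{Name: name, Users: map[string]ed25519.PublicKey{}, Challenges: map[string][]byte{}}
}

// Register stores the public key; the same key may be registered at many sites.
func (s *Site) Register(user string, pub ed25519.PublicKey) { s.Users[user] = pub }

// Challenge hands out a fresh 32-byte nonce, so a captured signature from an
// earlier login is useless for the next one.
func (s *Site) Challenge(user string) ([]byte, error) {
	if _, ok := s.Users[user]; !ok {
		return nil, errors.New("unknown user")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.Challenges[user] = nonce
	return nonce, nil
}

// Verify checks the signature against the stored public key and the nonce it
// issued, then discards the nonce so it cannot be replayed.
func (s *Site) Verify(user string, sig []byte) bool {
	nonce, ok := s.Challenges[user]
	if !ok {
		return false
	}
	delete(s.Challenges, user)
	return ed25519.Verify(s.Users[user], loginMessage(s.Name, nonce), sig)
}

// loginMessage ties the signed bytes to the site name (assumption), so a
// challenge relayed from another site will not verify there.
func loginMessage(site string, nonce []byte) []byte {
	return []byte("login:" + site + ":" + hex.EncodeToString(nonce))
}

// Sign is the client side: the private key stays local and only the signature travels.
func Sign(priv ed25519.PrivateKey, site string, nonce []byte) []byte {
	return ed25519.Sign(priv, loginMessage(site, nonce))
}
```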


This is already done with a new Web Standard - https://passkeys.dev



