Hacker News new | past | comments | ask | show | jobs | submit login

For [11]: I think it makes sense to also highlight other approaches than OpenID such as https://passwordless.net which is a sort of way in the middle (disclaimer: I'm the author)



As a huge supporter of Persona, I am intrigued. Can you sell me on how this may be better?


I think Persona is great and can be the right choice for many scenarios. Browser support, the JS requirement, and the reliance on email (whereas tokens can e.g. be distributed via text message) might however be points that convince developers to go with one-time passwords.


> Browser support

Persona is just a protocol though, it's implicitly supported by all browsers. Though in-browser auth (which is the ideal case) is only in Firefox so far...

> JS requirement

Granted. Though theoretically, you don't need javascript.

> reliance on email

Granted again, but this is a completely acceptable tradeoff for 99% of services which will require an email and usually even use it as the user's identification.

Still not sold, but I'll keep your solution in mind. Thanks for alternatives! :)


Also, Persona still relies on passwords which are usually too weak and re-used across the web


Depends on the email address you use :-) Gmail, etc. are directly supported - for any other email provider (or your self-hosted one) you'll need a password.


No, Persona does not rely on passwords. Persona has authentication providers that rely on passwords.


Added. Thanks :)




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: