After Mat Honan's "Epic Hacking" made national news, we've been thinking a lot about security. Two-factor authentication is finally being embraced, but that doesn't solve some of the fundamental problems with passwords.
Passwords are annoying. People make them less annoying for themselves by setting the same password for all of their services. This is dangerous because their password is only as secure as the weakest service they've registered on. It only takes one weak service to be breached, and suddenly your entire life is laid bare (and in Mat's case, deleted).
The most direct way to solve the password problem would be to eliminate passwords entirely for websites. It's not ridiculous at all. When you register for a website, you have to click on a link in your email to confirm your password. When you forget your password, you have to click on a link in your email. With all that emailing, why not just email a login link? No password would ever be necessary. To sign in, the user types their email address into a login form, clicks submit, and an email arrives with a link to log in with no password.
In this scenario, your email service would still need a password. It's still a huge improvement as you would only need to remember one password, and a service like Gmail which supports two-factor and SSL is far more secure than the parakeet enthusiasts' forum you frequent.
In 2004, Bill Gates declared the password dead. Seven years later, it's time to make that happen.