
Authorization without login and without password

An idea came up for how to get rid of the login and password during authorization. Nowadays it is probably hard to find someone who does not use e-mail or IM. The clients for these services can remember the logins and passwords of their accounts, a feature many people use, especially on personal computers. So the essence of the idea is this: when authorizing on resources on the Network, use a mechanism similar to the one most sites use for password resets.

Simply send a message (even an empty one) by e-mail or instant messenger to the address or number of the resource that requires authorization (for example, an ICQ bot or an e-mail processor). The resource's server finds the sender in its database and sends back an HTTP link in response; following that link completes the authorization. The link, of course, must be one-time.
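The server side of this exchange, as an added example that is not part of the original post. The names `LinkIssuer`, `TOKEN_TTL` and `BASE_URL`, the 10-minute expiry and the hashed token storage are assumptions; the post itself only requires that the link be one-time.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 600                               # seconds; assumed, not from the post
BASE_URL = "https://resource.example/login"   # placeholder URL


class LinkIssuer:
    def __init__(self, known_senders):
        self.known = set(known_senders)   # addresses / IM numbers in the database
        self.pending = {}                 # sha256(token) -> (account, expiry)

    def on_inbound_message(self, sender, now=None):
        """Handle a (possibly empty) inbound message.

        Returns (recipient, link) for a known sender, None otherwise.
        """
        now = time.time() if now is None else now
        if sender not in self.known:
            return None                   # unknown sender: no link is issued
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        # Only the hash is stored, so a leaked table yields no usable links.
        self.pending[digest] = (sender, now + TOKEN_TTL)
        # The link is delivered to the address on file. A forged sender field
        # therefore only causes a mail to the real owner, who alone can read it.
        return sender, f"{BASE_URL}?t={token}"

    def redeem(self, token, now=None):
        """Return the account for a valid token and invalidate it, else None."""
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)  # pop() makes the link one-time
        if entry is None:
            return None
        account, expiry = entry
        return account if now <= expiry else None
```

Because anyone can send a message naming a known address, a real deployment would also rate-limit replies per address so the mechanism cannot be used to flood a mailbox.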

And with the IMAP protocol for mail, this would all work very smoothly, not to mention ICQ and the like.
It would be very convenient for me: I do not enter my passwords for mail and ICQ, trusting that to the system. What do you think?

UPD: This method can be used as an alternative to standard authorization methods; I am by no means urging anyone to abandon OpenID.

UPD2: By the way, just as it is implemented in systems with one-time passwords, it could be arranged, at least optionally, that on each login to or logout from the system another link ticket is sent to the mailbox. In this case, to authorize it would be enough to receive mail and follow the link. And for convenience, one could set up an appropriate filter in the client application to move these letters to a special folder.

Source: https://habr.com/ru/post/55485/

