arrow-left arrow-right brightness-2 chevron-left chevron-right circle-half-full dots-horizontal facebook-box facebook loader magnify menu-down RSS star Twitter twitter GitHub white-balance-sunny window-close
Email-based Authentication
1 min read

Email-based Authentication

This is an old post and doesn't necessarily reflect my current thinking on a topic, and some links or images may not work. The text is preserved here for posterity.

From a user's point of view, OpenID works something like this:

  1. You browse to a site you like that uses OpenID, and click the "login" button
  2. You enter your OpenID
  3. You are redirected to the site that authenticates your OpenID.
    Note: You may be asked to login with a username and password for that site if you haven't done so recently.
  4. You are redirected back to the original site you browsed to, and are automatically logged in

Today I got to thinking that this is quite similar to how the "reset my password" link on most websites works:

  1. You browse to a site you like, and click the "reset my password" button
  2. You enter your username or email address
  3. You Alt+Tab to your email client, or Ctrl+Tab to your web-based email client.
    Note: You may be asked to login with a username and password for your email server if you haven't done so recently.
  4. You Alt/Ctrl+Tab back to the original site you browsed to, paste in the newly generated password, and are logged in

In OpenID terms, I guess this means that email is a relying party.

Which makes me wonder: if a browser plug-in could automatically receive, extract and paste replacement passwords from emails, we'd get most of the benefits of OpenID without any adoption issues. Thoughts?

Enjoying these posts? Subscribe for more

Subscribe now
Already have an account? Sign in
Paul Stovell's Blog

Hello, I'm Paul Stovell

I'm a Brisbane-based software developer, and founder of Octopus Deploy, a DevOps automation software company. This is my personal blog where I write about my journey with Octopus and software development.

I write new blog posts about once a month. Subscribe and I'll send you an email when I publish something new.

Subscribe

Comments

You've successfully subscribed to Paul Stovell's Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.