> On Jun 1, 2020, at 9:40 PM, Ray Kiddy <r...@ganymede.org> wrote: > > > Somebody comes in to the app, I get their e-mail address and sent them an > "invite" into the app. This is exactly as secure as any password-storage > system that uses e-mail to reset passwords
This means the user has to invoke a new session by getting a link in email each time they access? I suppose that link cannot be shared since it expires? I mean it sounds interesting, I am interested in what is going on with your suggestion. Just seems like sending around links that allow people to enter directly has various dangers and complexities itself, and I wonder what the resulting experience is and what the level of security is. Isn’t this technically pushing the password back to your email login and isn’t that really no different than the O-Auth or Apple sign in? Apple sign in is preferable to users because it is easy and doesn’t offer private information to the site, Facebook login seems the same but is reversed. Facebook login is there to let Facebook see where you login and when so it can sell that data to advertisers. The idea of not using passwords at all is interesting, but I’m not sure this would be what I’m thinking about. I’m going to guess this is not a bank, but what sort of service uses this email authentication and why was it implemented? _______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list (Webobjects-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com