Blogging service Medium has enabled a new feature for its users where they can log in to their Medium account without the need for a password.
The way that it works is that you would get an email sent to you. When you open this it will log you in. According to the official blog post published on Monday, the link that you are given to log into Medium has the following properties:
- You’re automatically notified when someone tries to sign in.
- The sign in link expires after a short amount of time.
- The sign in link can only be used once.
Well let’s take a look at this. This still requires you to log into your email so it’s not exactly password-free login. Additionally that link will allow anyone with that email to log into your account so that could be a security issue in that someone could coax you into forwarding the email to them.
In my opinion, alongside this ability to log in via an email, there should also be a two-step verification used like a time-sensitive one-time passcode. A lot of services like Dropbox, facebook and Lastpass allow you to enter a six-digit one-time passcode before you can access your account.
With that being said, I do agree that we need to move to a way to login without using a password.They can be long or complicated and hard to remember. For now, the workaround will be to use a password management solution/password vault like LastPass(which is free and quite safe to use).
However, until we move to a system that does not require an email address then we are stuck with email and requiring passwords for logging into things.