W3C home > Mailing lists > Public > public-credentials@w3.org > November 2016

Re: Ditching passwords / email identifiers

From: Jacob Pratt <jhprattdev@gmail.com>
Date: Sat, 19 Nov 2016 23:22:17 -0500
Message-ID: <CAAFMpDpgZtc-ekmMbmfT1Wv6ECQEZ+2ExTjUCj4H=XzuG+WmzA@mail.gmail.com>
To: Timothy Holborn <timothy.holborn@gmail.com>
Cc: W3C Credentials Community Group <public-credentials@w3.org>
Certainly an interesting idea. This could also take advantage of the
increasing frequency of biometric sensors in mobile devices, eliminating
the need for a code (or some other identifier). It would be much simpler
than remembering a password, and much more secure for the vast majority of
people.

On Nov 19, 2016 11:05 PM, "Timothy Holborn" <timothy.holborn@gmail.com>
wrote:

> had an idea that for places where mobiles are ubiquitous, the means in
> which to ditch passwords and email related AUTH could be facilitated by
> simply providing SMS authentication (or mobile app alternative) which
> in-turn means no password is stored for the account at all...
>
> mobiles are increasingly used for banking, simply by tapping them on a
> payment gateway (via NFC).
>
> people barely need to use their passwords to get into a password protected
> site, and a great many people have difficulty remembering them or keeping
> them safe.
>
> alot of email providers are internationally based (whereas mobiles come
> under telecommunications law, including the misuse of them) and in some
> regions at least - the receipt of a sms does not cost the recipient funds.
>
> i am aware of a few problems with that method, including company owned
> mobiles, lost phones, etc.
>
> yet,
>
> i figured it was an idea worth noting.  may be an opportunity within the
> general space.
>
> Tim.H.
>
Received on Sunday, 20 November 2016 04:22:49 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:32 UTC