1

Looks like GE's FirstBuild community site is using Password Less Login pattern. For Login, they just email a custom temporary PIN to a registered email address

I am curious which other popular sites are using this pattern of Authentication? Is it mainstream? By mainstream I mean if 10 (or more) sites with large userbase (50K+ user) are using this pattern of Password Less Login.

We are currently using a off-the-shelf IAM solution for a very large user base. This off-the-shelf product doesn't support aforementioned Password Less Login scheme. I am planning to submit a Feature Request for this, but I want to first understand a) if this authentication pattern is mainstream; b) Is it NOT less secure than a static password with email based password recovery system.

Having a list of sites that are using this pattern of Authentication, will help me in making a case for the Feature Request.

I read that Mozilla Foundation wanted to use this form of Authentication for Webmaker. But doesn't seem like they implemented it. That's why I am curious.

Saqib Ali
  • 223
  • 1
  • 8
  • Dear reviewers, I have edited the question to make it more specific. Please remove the hold on the question. – Saqib Ali Sep 12 '17 at 16:59
  • Part of what makes this question iffy is that you are asking if it is mainstream. What is your definition of mainstream: the hipster definition? majority consensus (>50% of what list of sites)? or did you mean mainline? – NH. Sep 13 '17 at 15:14
  • @NH. I updated the question to be more specific on what I mean by mainstream – Saqib Ali Sep 13 '17 at 18:16
  • Now you're asking for a list of sites using a specific technology, which is essentially a trivia question: you can answer it yourself by selecting a number of large sites and seeing if they use whatever pattern you want. Question b, about the security of the pattern, is on topic, but I'm fairly sure we have a question giving the pros and cons somewhere. I'll have a quick look and see if I can find it. – Matthew Sep 13 '17 at 19:10
  • 2
    Here: https://security.stackexchange.com/q/53346/89876 – Matthew Sep 13 '17 at 19:13

2 Answers2

2

I know https://medium.com/ is using it. They send link to your email address and you should click on it to let you use the service.

Nima Saed
  • 129
  • 2
1

Apparently, also a WordPress plugin exists that uses it: https://wordpress.org/plugins/passwordless-login/

However, the default version of the site uses normal password authentication.

aaphond
  • 65
  • 5