> all without requiring any additional steps or devices during authentication.
This is empirically false. What if you don't have a mobile device? The US Veterans Affairs login system used email/password. Someone decided that wasn't secure enough so they built a system which required a mobile device. With the new system there is no option to login if you don't have a smart phone. It lasted about a week before they allowed us to login with the old email/password system again. There are enough people who don't know how to use authentication apps or who refuse to get a mobile gadget for this to work as well as they think. I'm glad someone is thinking about the problems of passwords but they need someone on their team that isn't a 20-year-old living in San Francisco.
I agree that it's not ideal at all. Balancing security and usability is the biggest challenge here. I wrote this before they launched the feature, and I've tried it on an iOS app last month when the feature finally became available. It was way clunkier and annoying than I expected, and I'm a 25-year old who works in UX design. Definitely needs a lot of improvement from what I've tried so far.
I would be in favor of dumping passwords altogether if a better system was available. Thankfully Apple remembers all of mine. I couldn’t. I know, they could potentially get hacked but what are you going to do? No one can remember hundreds of passwords.
> all without requiring any additional steps or devices during authentication.
This is empirically false. What if you don't have a mobile device? The US Veterans Affairs login system used email/password. Someone decided that wasn't secure enough so they built a system which required a mobile device. With the new system there is no option to login if you don't have a smart phone. It lasted about a week before they allowed us to login with the old email/password system again. There are enough people who don't know how to use authentication apps or who refuse to get a mobile gadget for this to work as well as they think. I'm glad someone is thinking about the problems of passwords but they need someone on their team that isn't a 20-year-old living in San Francisco.
I agree that it's not ideal at all. Balancing security and usability is the biggest challenge here. I wrote this before they launched the feature, and I've tried it on an iOS app last month when the feature finally became available. It was way clunkier and annoying than I expected, and I'm a 25-year old who works in UX design. Definitely needs a lot of improvement from what I've tried so far.
I would be in favor of dumping passwords altogether if a better system was available. Thankfully Apple remembers all of mine. I couldn’t. I know, they could potentially get hacked but what are you going to do? No one can remember hundreds of passwords.
very interesting, gonna change all my passwords right now hahaha