I just signed up for a profile at BurningMan, and they did one thing I really enjoyed: they sent a secure password over email and didn’t ask me to change it.
Now, I’m also here for at least 3 other reasons, all related to what I think about passwords and authentication, but I’d rather share them elsewhere (as it’s also a lot of ideas I need to organize).
Back to focus: how about implementing that in here?
If people don’t want to use any open auth, send a randomly generated secure password over email. And don’t ask them to change it later, but offer a button on the side which can’t be missed.
I realize how “insecure” that may look, sending passwords through email and storing them there, then not asking to change them… But think about it.
Whoever chooses to have a password instead of OAuth isn’t so worried about security in the first place. They will probably note it down somewhere. If it’s this convenient, maybe at least they’ll keep a more secure pass for every other technical aspect of it. And for everyone else who wants to keep it secure, just change it.
After thinking so much about authentication, I think this is quite a good idea! Of course, although clearly not mine, I’m still biased.
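
The signup flow proposed in this post, sketched server-side as an added example (not part of the original post and not code from any forum software). The function names, the alphabet, the 20-character length, the record layout and the PBKDF2 parameters are assumptions of the example; the point it shows is that the plaintext exists only in the outgoing e-mail while the server keeps a salted hash.

```python
import hashlib
import hmac
import math
import secrets
from email.message import EmailMessage

# Assumed alphabet: letters and digits without look-alikes (0/O, 1/l/I).
ALPHABET = "abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor chosen for this example


def generate_password(length=20):
    """Pick each character uniformly using the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length=20):
    """Entropy of a uniformly generated password of this length."""
    return length * math.log2(len(ALPHABET))


def hash_password(password, salt=None):
    """Return (salt, digest); only these are stored, never the plaintext."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute the hash and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def signup(address):
    """Build the stored record and the welcome e-mail (built here, not sent)."""
    password = generate_password()
    salt, digest = hash_password(password)
    record = {"email": address, "salt": salt, "hash": digest}
    msg = EmailMessage()
    msg["To"] = address
    msg["Subject"] = "Your account password"
    msg.set_content(
        f"Your generated password is: {password}\n"
        "You can change it at any time from your profile.\n"
    )
    return record, msg, password
```
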