Simple Login Alternative

This page records an earlier discussion on simplifying authentication. It points to one possible future direction.

Since only one person owns a wiki and has access to it, the complexity of having OpenID which in turn links you to a third-party login mechanism is superfluous. This in turn leads you to the well hated and overused paradigm of username/password. With only one user, why have a username at all?

Proposal:

To claim a wiki, you provide "the majick word". To log in and persist changes, you provide the magic word. Why have anything else? Just encrypt that, and I think that is all we need.

The identity of who owns the wiki and who has access to that singular magic word will be based on the URL. It should work nicely with current farm functionality.

See issue in github

very nice.

add to that a _remember me_ cookie so i never have to log in again from that computer - or optionally a client side ssl cert >:} and we're more magical than most.

Probably have to do the whole "Forgot your password?" thing too.

at which point you need to have an email address and mail and argh!

I like the "never have to log in again from that computer" very much. We can finally actually make use of cookies for what they were intended for!

Ok, I'm beginning to see the logic here. Let's say there is one button: CLAIM, When you push it you get a cookie that makes the site yours and the button disappears, never to return again.

Let's say that it also gives you some cryptographic credentials in the form of a web page with a link that, when clicked, returns a fresh copy of the cookie. You save-as to a place or two that you consider secure. Should the browser lose the cookie, you just find the saved link and click it.

Now as Nick has pointed out, if you lose all of this, you still have your content: its' public. You just make a new wiki and fork everything over.

Ah ha! Very good! Why have a magic word when you can have a magic key!