Better Alternatives Than Passwords?

It would be worth talking more about the problem you are trying to solve. What do you want to authenticate to? What issues do you have with passwords?

That will probably help the community help you.

Just send your users a login link to their email.

If you go with passwords, you already have a risk vector for resetting passwords. Skip the password and the reset.

Make the login link expire after 10 minutes so they attackers only have a short window.

Passkeys. You're looking for passkeys.

Steve Gibson invented something you may like: Simple Quick Reliable Login https://www.grc.com/sqrl/sqrl.htm

Choose from some combination of:

* Something you know (memorizing a password, PIN, whatever)

* Something you are (biometrics)

* Something you have (2FA, passkeys, OTP keys)

I think all three have been done in various combinations, and each have their pros and cons. Of those, I personally find Passkeys to be the easiest to use, especially with password manager that can sync across devices.

i was thinking the user having an image act as a password/key. ---then locking the key to said devices only acting like 2FA ------voice login??? ---------if the user is say from los angeles their passcode only works here ---passcode but with images interchanging passwords that the user can custom set. -----having the user record their room with their face in it and a simple phrase loike banana' oranges' apples'.

What are you trying to authenticate? A machine? A human?

Using methods like email or SMS magic links, QR codes, or biometrics instead of passwords.

Async cryptography? So tls certificates or passkeys. Even Kerberos tickets be part of that

Passwords are great, stop tinkering with stuff that isn't broken.

The answer depends on what exactly you don't like in passwords.

Mynoise.net has logins that don’t require a password. I love it.

Who gives a shit if someone logs in as me on that site? And why would anyone bother?