Sean Walker
2022-07-14

The Auth Apocalypse

Hear me now and hear me well, the auth apocalypse is nigh.

No, but seriously: some of the FAANG, or whatever they’re called now, have formed a consortium, and they’re coming to eat open website authentication for lunch.

Apple, Google, and Microsoft commit to expanded support for FIDO standard - Apple

Whenever world-beating corporations team up, it’s never a good thing. There’s really nothing we can do to stop this hijacking from happening; this is an “if you can’t beat ’em, join ’em” situation.

Or is it?

I found some inspiration to make signing up for new services hilariously easy. Mullvad VPN has paved the way for a stupid-simple and quick sign-up process.

  1. You go to a website
  2. You click the sign up button
  3. You get a 16-digit random number split into 4 parts
  4. You keep that number a secret and use it to log in again

Obviously there are a lot of problems with this: people can lose the number and, with it, access to their account.

One addition I would make to Mullvad’s ingenious sign-up process is to let users optionally add an email address or phone number to their accounts after they sign up. Then if they do forget that number or share it accidentally, they can reset it with a link, similar to a forgotten password.
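The sign-up flow above, sketched as an added example (it is not Mullvad's code and not from the original post): the server issues the 16-digit number from a CSPRNG and stores only a keyed tag of it, with an empty slot for the optional email. The in-memory `ACCOUNTS` dict, `SERVER_KEY`, and all function names are assumptions made for the sketch.

```python
import hashlib
import hmac
import secrets

# Assumption: a server-side secret kept outside the database (constructed here).
SERVER_KEY = secrets.token_bytes(32)

# Assumption: in-memory stand-in for an accounts table, keyed by HMAC tag.
ACCOUNTS = {}


def new_account_number():
    """Return 16 random decimal digits from the OS CSPRNG."""
    return f"{secrets.randbelow(10**16):016d}"


def display(number):
    """Format as four groups of four for showing to the user."""
    return " ".join(number[i:i + 4] for i in range(0, 16, 4))


def normalize(text):
    """Accept the number with or without spaces/hyphens; None if malformed."""
    digits = text.replace(" ", "").replace("-", "")
    if len(digits) == 16 and digits.isascii() and digits.isdigit():
        return digits
    return None


def tag(number):
    # 16 digits is about 53 bits: a plain hash could be brute-forced offline
    # from a leaked table, so the stored value is keyed with SERVER_KEY.
    return hmac.new(SERVER_KEY, number.encode(), hashlib.sha256).hexdigest()


def sign_up():
    """Create an account and return the number to show the visitor once."""
    while True:
        key = tag(number := new_account_number())
        if key not in ACCOUNTS:  # retry on the (unlikely) collision
            ACCOUNTS[key] = {"email": None}  # email is optional, added later
            return display(number)


def log_in(text):
    """Return the account record for a valid number, else None."""
    number = normalize(text)
    return ACCOUNTS.get(tag(number)) if number else None
```

Because the number is the only credential, a real deployment also has to rate-limit `log_in` attempts; that is left out of the sketch.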

The script has been flipped: instead of asking visitors for something right away, you give them something instead, which feels right. They did do the heavy lifting of visiting your website, after all.

As an added bonus, this might just stave off the auth apocalypse, or at least give indies a fighting chance.