Login-less Apps

Identity on the web is a big problem. We have logins for every website we visit, and only the most savvy among us use a password manager to make sure that the inevitable database leak doesn’t burn us everywhere.

There have been attempts to solve this problem - OpenID for one, Facebook Connect (as well as the similar services from Twitter and LinkedIn), and Mozilla’s new Persona, which is the first real alternative to a traditional login system.

But I saw today a really interesting paradigm - the login-less app. Emmanuel Bégué created Urgeous, a Posterous clone, which is primarily focused on post-by-email, one of Posterous’s most interesting features.

Since he was implementing post-by-email, and email is the default definition of identity, he got rid of a login system altogether. Instead, everything sent from your email address is a post on your behalf. To edit posts you use a link with a unique code that is generated and sent to you when a post is published.

This is a very specific scenario, and one in which you don’t need to rely on a persistent state, but it brings up an interesting point - do we really need all these login systems? Does Quora really need me to login to read beyond the first answer?

It’s almost reflex to include a login system when building a new web app, but we as developers would be wise to really consider the needs of our application before adding yet another layer of broken login systems onto our users.