In an answer to this question about pw reset, D.W. says:
Lastly, consider non-password authentication. Passwords have many problems as an authentication mechanism, and you might consider other methods of authenticating users, such as storing a secure persistent cookie on their machine with an unguessable secret to authenticate them. This way, there is no password to forget and no way for the user to be phished, though you do need to provide a way for a user to authorize access from a new machine or a new browser (possibly via email to the user's pre-registered email address).
How is this done? How secure and user-friendly is this solution? What are the main drawbacks?
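A sketch of the scheme the quoted passage describes, as an added example that is not part of the original question or of D.W.'s answer: a new browser is enrolled through a one-time emailed token and then receives a long-lived cookie holding an unguessable secret. All function names, the in-memory tables, the cookie name `device` and the lifetimes are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time
from http.cookies import SimpleCookie

MAX_AGE = 180 * 24 * 3600      # cookie lifetime (assumed value)
ENROLL_TTL = 15 * 60           # email link lifetime (assumed value)
DEVICES = {}   # selector -> (sha256(secret), user, expiry); stands in for a DB table
ENROLL = {}    # sha256(email token) -> (user, expiry)

def _h(value):
    # Only hashes are stored, so a leaked table does not yield usable cookies.
    return hashlib.sha256(value.encode()).hexdigest()

def start_enrollment(user, now=None):
    """Create the one-time token to mail to the user's pre-registered address."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    ENROLL[_h(token)] = (user, now + ENROLL_TTL)
    return token

def finish_enrollment(token, now=None):
    """Consume the emailed token; return the Set-Cookie value, or None."""
    now = time.time() if now is None else now
    record = ENROLL.pop(_h(token), None)          # pop: the token is single use
    if record is None or record[1] < now:
        return None
    selector, secret = secrets.token_urlsafe(9), secrets.token_urlsafe(32)
    DEVICES[selector] = (_h(secret), record[0], now + MAX_AGE)
    cookie = SimpleCookie()
    cookie["device"] = f"{selector}.{secret}"
    for attr, val in (("secure", True), ("httponly", True),
                      ("samesite", "Strict"), ("path", "/"), ("max-age", MAX_AGE)):
        cookie["device"][attr] = val
    return cookie["device"].OutputString()

def authenticate(cookie_header, now=None):
    """Return the user bound to this browser's cookie, or None."""
    now = time.time() if now is None else now
    morsel = SimpleCookie(cookie_header).get("device")
    selector, _, secret = (morsel.value if morsel else "").partition(".")
    stored = DEVICES.get(selector)
    if stored is None or stored[2] < now:
        return None
    # Constant-time comparison of the hashed secret.
    return stored[1] if hmac.compare_digest(stored[0], _h(secret)) else None

def revoke(selector):
    """Drop one browser (e.g. a lost laptop) without affecting the user's others."""
    return DEVICES.pop(selector, None) is not None
```

The cookie is a bearer credential, so the security of the account reduces to the security of the browser profile holding it and of the mailbox that can enroll new browsers.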