I wrote earlier this week about Medium’s plan to allow users to log into their accounts just by using their email address, without requiring a password.
I’m not a big fan of this approach, and would rather have seen the company give users the option to use a complex, unique password (remembered and generated by a good password manager, obviously). If they had combined that with two-factor authentication and other methods of protecting accounts, all the better.
But a thought struck me after I wrote the article grumbling about Medium’s password-less way to log in.
Why are Medium really doing this? Is it to boost their users’ security? Or is it actually to better protect themselves?
And the answer - clearly - is that it helps Medium massively if their users don’t need passwords to log into accounts.
Because if none of your users have passwords (they either log in via Twitter or Facebook, or via the “we’ll send you a login link via email” approach) then naturally Medium doesn’t have to store any passwords or password hashes.
And if Medium hasn’t got any of the users’ login credentials (other than email address) then they can quite easily shrug off any fears of hackers ever getting hold of the (non-existent) passwords.
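To make that concrete, here is what a “we’ll email you a login link” flow typically looks like on the server side. This is an added illustration written for this post, not Medium’s code (Medium hasn’t published how it implements the feature), and the class and method names are my own. The point it makes is that the server still has a table worth protecting: it holds email addresses and a record of each outstanding link. The usual mitigations are to store only a hash of the link’s token, to make each token single-use, and to expire it after a few minutes, so that a leaked table or an intercepted old link buys an attacker nothing.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # a link that is not clicked within 15 minutes is dead


class MagicLinkStore:
    """Server-side bookkeeping for emailed login links (hypothetical design).

    Only a SHA-256 digest of each token is stored; the raw token exists
    solely inside the URL that is emailed to the user.
    """

    def __init__(self, now=time.time):
        self._now = now                  # injectable clock, so expiry can be tested
        self._pending = {}               # digest -> (email, expiry timestamp)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, email):
        """Create a fresh single-use token for `email` and return it.

        The caller puts the returned token into the login URL and emails it.
        The store never sees the raw token again except via redeem().
        """
        token = secrets.token_urlsafe(32)   # 256 bits of entropy, unguessable
        self._pending[self._digest(token)] = (
            email.strip().lower(),
            self._now() + TOKEN_TTL_SECONDS,
        )
        return token

    def redeem(self, token):
        """Exchange a token for the email it was issued to, or None.

        pop() makes the token single-use: whether or not it turns out to be
        expired, it is gone after the first attempt. Lookup is by digest, so
        a wrong or tampered token simply misses the table.
        """
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        email, expires_at = entry
        if self._now() > expires_at:
            return None
        return email

    def dump(self):
        """What an attacker would get from a copy of the table: no raw tokens,
        just digests, email addresses and expiry times."""
        return [(digest, email, expires_at)
                for digest, (email, expires_at) in self._pending.items()]


if __name__ == "__main__":
    store = MagicLinkStore()
    token = store.issue("alice@example.com")   # constructed sample user
    print("emailed link: https://example.test/login?token=" + token)
    print("stored:", store.dump())
    print("first redeem :", store.redeem(token))
    print("second redeem:", store.redeem(token))
```

Note what this does and does not buy Medium. There are no passwords to leak, but the email address is still held, and the emailed link is now the credential: anyone who can read the user’s inbox, or who is sent the link over a network they can observe, can log in during that window. That is the trade the next paragraphs are about.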
That’s not to say that Medium accounts won’t get broken into from time to time, but Medium can feel fairly confident it won’t be because they’ve been careless with their password database.
Instead, Medium will be able to point a finger at its users and say “Well clearly *you* screwed up, not us”.
So, from Medium’s point of view, it makes a lot of sense not to allow users to have passwords on their accounts. But I’m still not convinced that it’s a security upgrade for its users.