Why not just abandon passwords entirely?

It has been proven time and time again that passwords aren’t the best security measure, which is why Medium has decided to do away with them entirely in favor of sending one-time login links to your email address or phone number. This means that the moment you use the login link, it becomes obsolete and can’t be used a second time, which is an excellent way to prevent your accounts from being access by someone else. 

Streamlined blogging platform Medium rolled out a new login process Monday that throws the trusty old password out the window. Instead, you simply enter an email address or phone number, and a temporary login link lands in your inbox or phone—just like password reset or account verification links used by sites when you first sign up. “Passwords are neither secure nor simple,” writes Medium’s Jamie Talbot, summing up a sentiment that has been picking up steam lately. “They’re hard to remember or easy to guess, everyone reuses them (even though they know they shouldn’t), and they’re a pain to type on mobile. They don’t even keep you that safe.” For being gatekeepers (or bouncers) for our online accounts, they’re inordinately vulnerable. They can be “brute-forced” through trial and error, teased out of you with a cleverly worded email or IM message, applied to access numerous accounts—thanks to our insistence on using the sames ones over and over—and easily leaked out onto the Web. Put another way, they don’t really do a good job of proving that you are who you say you are, and keeping everyone else out.