# Passwordless Login: The Keys to Secure Logins ### Sam Curren and Mike Ebert --- ## Potential Workflows, which is/are best? --- ### Could do: - Traditional account signup, - then connect, - present a VC that must align with a key account attribute (such as email). - Use VC as authentication each subsequent login. - (We presently have this implemented.) --- - Traditional account signup, - then connect, - present a VC that must align with a key account attribute (such as email), and - link the account to this agent. - Use DID as authentication each subsequent login. - Can require periodic re-auth with VC or normal account. --- - Traditional account signup, - then connect and - link the account to this agent. - Use DID as authentication each subsequent login. - Can require periodic re-auth with normal account. --- ### But why bother when you could: - Connect with DID, - present a VC, and - create an account linked to attributes of this VC. - Use VC as authentication each subsequent login. --- - Connect with DID, - present a VC, and - create an account linked to attributes of this VC and to this agent. - Use DID as authentication each subsequent login. - Can require periodic re-auth with VC. --- - Connect with DID, - then create an account linked to this agent. - Use DID as authentication. --- ## Describe DID Login for me... --- ## Benefits of SSI-Based Passwordless Login: - So simple! - More secure--avoid or eliminate password-based logins - Avoids single point of failure - Avoids phone home - Avoids potential correlation - Avoids provider lookup process (Compare OIDC) --- ## Choices - Paired with traditional login/pw, or alone. - Authorize with VC - Login with DID - Periodic re-auth? - Relogin via... --- ## Recovery/Re-proving Ownership What is a good basis to re-prove account ownership if you don't have a traditional account setup? - Get a new matching VC (email, SMS, specialized). If the key attributes match, you're all set. - One-time passwords to unlock DID based accounts if the original agent/connection is lost?