Is there any good plan to implement password-free login for Web sites now?

Is there any good plan to implement password-free login for Web sites now?

Background: The company operates more personnel, and third-party cooperation is also more, many operators have a third-party website account password, but if the operator leaves, this password may be lost or leaked. Therefore, an account management system is required to manage the accounts of these third parties. At the same time, the direct provision of accounts and passwords to operators to use the way is not good, may leak or password modification and other troublesome problems.

Therefore, now hope that the System Unified management user account and password, when a colleague needs to use the account, directly by the system to provide a URL link to him, the URL is encrypted account and password and to log on the site information, he can click on this URL link directly to the third-party website.

Example: operator A to log in to the Friend League to view the data, I do not have to tell him that we are in the friend's account and password, only need to generate a URL in the account management system to provide to him, he clicked on this link can login to the Friend League website. What is the best way to implement a feature like this? Or is there a ready-made solution? Business can also be considered.

Description: Now look for a bit on the internet, seemingly all in a browser extension of the way to achieve? This is the browser extension to the generated URL link inside the password resolved to automatically populate the login form inside it? For example: https://lastpass.com/

Do you have any good suggestions or plans? Thank you so much!

Reply content:

Is there any good plan to implement password-free login for Web sites now?

Background: The company operates more personnel, and third-party cooperation is also more, many operators have a third-party website account password, but if the operator leaves, this password may be lost or leaked. Therefore, an account management system is required to manage the accounts of these third parties. At the same time, the direct provision of accounts and passwords to operators to use the way is not good, may leak or password modification and other troublesome problems.

Therefore, now hope that the System Unified management user account and password, when a colleague needs to use the account, directly by the system to provide a URL link to him, the URL is encrypted account and password and to log on the site information, he can click on this URL link directly to the third-party website.

Example: operator A to log in to the Friend League to view the data, I do not have to tell him that we are in the friend's account and password, only need to generate a URL in the account management system to provide to him, he clicked on this link can login to the Friend League website. What is the best way to implement a feature like this? Or is there a ready-made solution? Business can also be considered.

Description: Now look for a bit on the internet, seemingly all in a browser extension of the way to achieve? This is the browser extension to the generated URL link inside the password resolved to automatically populate the login form inside it? For example: https://lastpass.com/

Do you have any good suggestions or plans? Thank you so much!

If you are working in depth with a third party, you can ask them to provide token support. Your server saves a username and password, gets a token from a third-party API, and your staff can use this token to go to a third party without having to re-enter the username and password, do you think?

LastPass and what you're saying is not a thing that LastPass does is to remember your username and password and then help you submit the form.
What you need is no user name and password is also authorized to view some data, if the third-party website support Token then it is good to do, if not support you do not want to do.

I feel very simple ah.
You can save a random string, and then use your own encryption method to encrypt it with the password, the encrypted string passed to the user on the line.

$id = $user['id'];$password = $user['password'];$rand = "";//根据自己的方法生成一个随机字符串，并把它存起来$token = md5(sha1($id.$rand).$password);//将其进行一定方式的加密，只做例子，可以自己设定

The $id and $token are then sent to the user, and if the authentication is matched, the login succeeds.
You can also set an expiration time to save together.

1. Best practice: According to the @incNick said, and friends of the Alliance and other needs of the user name password site to talk about cooperation, let them give you a login API, you can recruit programmers to develop a unified authentication system

2. A not a way to use the QQ client to save the "password." Most of the domestic account system can be directly or indirectly tied to the QQ account. Direct: Indirect: Baidu webmaster <-Baidu account number <-QQ
   The following is to solve the problem of how many operators logged into QQ. How about sharing the QR code?

3. Configure the agent for the operator's computer and use the "man-in-the-middle attack" method to set cookies on the browser. When an operator attempts to log on to a website through an agent, the agent intercepts the HTTP request, pretends to be a normal user to log on to a third-party web site to obtain a cookie, and then returns a successful response to the operator's browser.

1password, No.

