This would work pretty well for services that aren't meant to be used very often (where a lot of people already use the forgot password form frequently). As for other things... I'm not sure everyone would like to do this for signing in to Amazon or eBay, for example.
I like the approach, but as others have mentioned, I'd imagine many users would find this cumbersome.
Also, this system is only secure to an extent. Imagine if every website started using this system. Suddenly, the only password hackers would have to crack would be your email. You might then suggest that email use a similar alternative such as a text message, but all it would take is a cleverly devised virus on your phone to steal that information.
Well most existing systems allow you to reset your password by email, so it’s the same level of security really.
This is an interesting approach. It's just the other side of two-factor authentication, and might even be more secure than just a password. However, I suspect it's the side of two-factor authentication that people don't like, so I don't know if it's more user friendly.
I'd love to see this as part of an A/B test where some users go through this process and some don't.
How do people feel about not having passwords? They might not feel like it's more secure (however irrational that might be).
There will be something that replaces the traditional username:password approach for signing into websites, but it won't be this. It's just too complicated.
Signing into a website should be as easy as the demo of Apple Pay. One action without having to remember or do anything complicated and you're in.
This is a repost from Hacker News, but I'm curious what the design community here thinks about using sms, email to login to sites.