We've all been there at some point—tempted to create a user account on a website that's mildly interesting, but the hassle of creating yet another unique password is just too high. Enter the secret URL, a Web address that ends with a long jumble of numbers and letters that aren't easily guessed.
NosPronos.com, a site for predicting winners in the World Cup, recently implemented this approach. Creating an account requires a single click and the entering of a user name. The site then assigns a unique URL for the user to bookmark. As long as it remains secret, the link locks down the account without requiring the user to enter a password or to use a computer or smartphone that stores a previously acquired authentication cookie."Noooooo I don't want to create an account either!" the creator of NosPronos wrote. "I know I'm going to need to come up with some password, not to mention I'll need to 'verify' my e-mail address, give a few personal details that I don't want to give, all that for something that I don't even care that much about... what a hassle, seriously." In a few days, he said, his site acquired thousands of users from all around the world.
There are some notable downsides to relying on a secret URL to authenticate oneself online. Web addresses have a way of leaking to the outside world and getting stored in a browser's history cache or a proxy server's log, Bruce Marshall, of PasswordResearch.com said. He noted that in the past secret, URLs for dating websites and other online services have become available in search engine results. Still, the approach may be suitable for low-value accounts that don't store sensitive data. The approach has the benefit of eliminating password data that so regularly gets filched from websites, something that benefits end users and website admins alike.
reader comments
68