The Digital Standard is an ambitious, community-led effort to build a framework to test and rate products and services on the basis of privacy, security, and data practices.
Authentication standard
I think this section could be expanded to include criteria for more types of authentication. Passwordless login comes to mind here. This style of authentication could be implemented with one-click email logins or OAuth-based login. Without user-provided passwords, this can be more secure, but only if it meets certain criteria. For example, if login URLs are emailed to users, the tokens in the links should not be guessable and should expire.