Plenty of services use a standard email-address as login token. This has advantages: The user doesn’t need to remember another keyword and the service provider knows that the email address is unique and can be verified. But there’s one BIG problem: Other people know your email-address and – with it – 50% of your login credentials. How to to eat the cake AND eat it? Read More →