I’m looking to implement a system, potentially with Yii as a framework, where users won’t have to remember a password to gain access to the system. They will enter their username (or email address) on the login page and, on clicking submit, they will be sent a link to their registered email address. They can then click this link to log in (within a short number of minutes). This will work in a similar way to how many forgotten-password systems work. As an additional step, the page the link takes them to will request a TOTP from Google Authenticator (or Authy etc.) before completing the login process. I’ve searched Google to see if anything like this exists already but I’ve not found anything yet. Is this possible in Yii and, if so, does something already exist? If it doesn’t exist, would this appear to be a difficult project to implement?
This removes the requirement for a user to create, remember and manage a secure, unique password (e.g. post-it note on their monitor) and moves security of the login from my system to that of the users’ email, but backs it up with a 2nd factor in the form of the one-time passcode. Many systems already work like this in the form of the “Forgotten password” functionality. I just want to avoid the password in the first place so that they do not have the option of accessing my system with the same password they use for everything else. (Yes, I know that they probably use the same one for their email!)
Thanks
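
Added example, not part of the original post and not Yii code: a plain-PHP sketch of the flow described above, with a single-use emailed token stored only as a hash, a short expiry, and an RFC 6238 TOTP check before the login completes. The function names, the array standing in for a database table, the 10-minute lifetime, the attempt cap and the raw (already base32-decoded) TOTP key are all assumptions made for illustration.

```php
<?php
const LINK_TTL = 600;     // assumed link lifetime in seconds
const TOTP_STEP = 30;     // RFC 6238 default time step
const MAX_ATTEMPTS = 5;   // assumed cap on wrong TOTP codes per link

// $links stands in for a database table keyed by the SHA-256 of the token.
function issueLoginToken(array &$links, string $userId, int $now): string
{
    $token = bin2hex(random_bytes(32));   // goes into the emailed URL
    $links[hash('sha256', $token)] =
        ['user' => $userId, 'expires' => $now + LINK_TTL, 'attempts' => 0];
    return $token;                        // the raw token is never stored
}

// RFC 6238 TOTP (HMAC-SHA1); $secret is the raw, already base32-decoded key.
function totp(string $secret, int $now, int $digits = 6): string
{
    $mac = hash_hmac('sha1', pack('J', intdiv($now, TOTP_STEP)), $secret, true);
    $offset = ord($mac[19]) & 0x0f;       // dynamic truncation, RFC 4226
    $value = unpack('N', substr($mac, $offset, 4))[1] & 0x7fffffff;
    return str_pad((string) ($value % 10 ** $digits), $digits, '0', STR_PAD_LEFT);
}

// Returns the user id on success, null otherwise. $secrets maps user id => raw TOTP key.
function completeLogin(array &$links, array $secrets, string $token, string $code, int $now): ?string
{
    $key = hash('sha256', $token);
    $row = $links[$key] ?? null;
    if ($row === null) {
        return null;                      // unknown or already used link
    }
    if ($now > $row['expires'] || $row['attempts'] >= MAX_ATTEMPTS) {
        unset($links[$key]);              // expired or guessed too often
        return null;
    }
    foreach ([-1, 0, 1] as $drift) {      // tolerate one step of clock skew
        if (hash_equals(totp($secrets[$row['user']], $now + $drift * TOTP_STEP), $code)) {
            unset($links[$key]);          // single use: consume on success
            return $row['user'];
        }
    }
    $links[$key]['attempts']++;           // wrong code: count it against the link
    return null;
}

// Constructed demo data: RFC 6238 test key, link issued at t=1000, used at t=1010.
$links = []; $secrets = ['alice' => '12345678901234567890'];
$token = issueLoginToken($links, 'alice', 1000);
var_dump(completeLogin($links, $secrets, $token, totp($secrets['alice'], 1010), 1010));
```

The login page should return the same response whether or not the submitted username or email exists, so the form cannot be used to enumerate accounts.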