My pal Ben Brown (who has known me so long that he remembers a time when I could vote without antiemetics) has an interesting proposal to manage login credentials; Ben begins by describing a pattern that I’ve absolutely used for some infrequent-login sites:
My personal solution to the too-many-password problem is to use a completely random, automatically generated password when I create an account. Most websites will allow me to stay logged in forever, and on the odd occasion that I need to log in again, a password reset tool will send a link to your email account that will allow me to log in again. This way, I don’t really have a password, but I can always gain access to any account, as long as I still have access to my secure email account.
His solution is to eliminate passwords altogether and email a unique, expiring login link to users when they wish to log in. Read the whole piece (and his followup) for the argument, which I find convincing.
In fact, I used a variant of this approach for SVP, a service I developed because I hate Evite and wanted to invite people to my birthday party in 2007. (After all, most of my friends are too popular and sophisticated to be particularly happy about managing credentials for a one-off site that some curmudgeon made to avoid using the ubiquitous alternative.) When I’d invite people to events, they’d get an email with a link that would log them in to RSVP for that event. Users could set passwords, but the site interaction model was designed to never require them. It was pretty successful on a (very) small scale: I had around 50 invitees/users and probably ten events before I stopped using the service, but everyone who wanted to come over seemed to be able to reply and no one complained about it to my face.
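The unique, expiring login link described above can be sketched in code. This is an added example, not code from Ben's proposal or from SVP. The names `LoginLinkStore` and `token_from_link`, the 15-minute lifetime, the in-memory dictionary standing in for a database table, and the `example.invalid` URL are all assumptions made for illustration.

```python
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlsplit

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; the post only says "expiring"


class LoginLinkStore:
    """Hypothetical in-memory stand-in for a table of pending login links."""

    def __init__(self, base_url="https://example.invalid/login"):
        self.base_url = base_url
        self._pending = {}  # sha256(token) -> (email, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def issue(self, email, now=None):
        """Create a unique link for `email`; the caller sends it by email."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        # Store only the hash, so a leaked table cannot be replayed as links.
        self._pending[self._digest(token)] = (email, now + TOKEN_TTL_SECONDS)
        return f"{self.base_url}?token={token}"

    def redeem(self, token, now=None):
        """Return the email to log in, or None if unknown, used or expired."""
        now = time.time() if now is None else now
        try:
            key = self._digest(token)
        except UnicodeEncodeError:  # non-ASCII input was never issued by us
            return None
        # pop() removes the record on first presentation: links are single-use,
        # and an expired link is discarded rather than left in the store.
        record = self._pending.pop(key, None)
        if record is None:
            return None
        email, expires_at = record
        return email if now <= expires_at else None


def token_from_link(link):
    """Extract the token query parameter, as the login endpoint would."""
    return parse_qs(urlsplit(link).query)["token"][0]
```

With this design the security of every account rests on the mailbox and on the link staying unread in transit, which is why the token is long, random, short-lived and consumed on first use.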