I remember some time ago I discovered that my credit card's website had a "temporary virtual card" feature where it would generate an alternate number, which I could use to access my real credit card, that would expire after a very small period of time (say like 10 minutes). I found this to be very handy; it allowed me to, for instance, share a credit card number with my wife over an insecure medium (I don't remember what, but let's just say it was an online chat) without having to worry about someone obtaining my number and compromising my account outside a controlled window.
What I was wondering is if anything like this exists for website passwords. If I wanted to give a trusted friend or family member access to one of my accounts online, just to take a look at something for five minutes for example, it would be nice if I could do so without revealing my "true" password, but also without having to go through the hassle of changing my password, letting him/her use it for a short time, and then changing it back.
Does such a thing exist?
Edit: I realize this probably wouldn't be possible in the sense that you could log straight into any arbitrary website using a temporary password unless that website had specifically implemented such a feature. I'm thinking of it working more like this:
- You (the user) sign up for this "temporary password" service.
- You supply the service with your real password to a particular destination site.
- You ask the service to generate a temporary password for you.
- The service gives you a link to a "gateway" page where the temporary password will be required. If the temporary password is entered here, the service will forward traffic to the destination site, automatically logging in with your real password.
Another possibility (again, in my mind) is that the service could actually function similarly to OpenID; that is, it would be required for sites to "opt in" for it to be supported, using some API. Then gradually over time more and more sites could opt in thus making it fairly common. But still this would result in the implementation being in one place rather than each website having to implement such a feature independently.
Best Answer
It is possible, but only for single websites, not for the entire Web.
The difference between a password and a credit card is that credit cards are verified with the company (bank) that issued them, whereas it is impossible for a random site to know if a password is "permanent" or "temporary" unless the site's creators themselves implement a "temporary password" feature. (I don't know of any that do.)
It doesn't even make a difference if a website uses passwords or OpenIDs: the latter are verified before use, and you could obtain randomly-generated OpenIDs, but the problem is that an OpenID is not a password, it's an user name; so a temporary OpenID wouldn't grant access to your account unless the website allows you to list multiple OpenIDs (not all do).