đź“ťGPG-based authentication
It is possible to have an authentication protocol that is using GPG keys. So instead of entering your username/password or signing in with google or any identity provider, you just use your locally-generated GPG key as your identity.
Pros
It’s all local. You do not rely on any identity provider, your GPG key is generated locally.
No extra information leaked. The method provides a way sign up and verify it’s you when you return, but no additional information is provided to the service (e.g., your email is not exposed).
Potentially one-click. The operating system/browser can hide away most of the complexity of generating and managing GPG keys. For the user, this can be exposed as “managing identities.”
Cons
Harder to sync. If the key is protected with a master password, it should be pretty simple to sync the key between devices. OS/browser could do that.
Impossible to restore. If the master key is lost/password forgotten, there is no way to restore it.
See also
OpenID Connect can be used as a universal authentication system—OIDC + Self-Issued OpenID Provider cover the same use case as GPG-based authentication
Resources
Secure website-authentication using GPG keys—basically the same idea (found it after I came up with my own)