The GitHub, Google, Facebook, LinkedIn, and many other authentication methods are controlled not by users, but by corporate providers. For example, Facebook deleted my account for no reason, so I don't use Facebook since then.
Email authentication is more or less controlled by a user if the user uses an email address under the user's domain name. The user identity is still controlled by the domain name registrar and the email hoster, but they seize control less frequently than social networks. This authentication method requires that a user rents a domain name and an email hosting (if you want it to be secure). Email authentication may be slow since a user types their email address and waits until an email arrives at the user's email client program. (BTW, why the login form doesn't allow the web browser to fill the email address field?)
Authentication with client X.509 certificates is completely controlled by users. It only requires a web browser. It's already implemented in any TLS implementation. Granted, it isn't popular outside the financial industry, but you can be a pioneer. Here is an article on using authentication with client X.509 certificates in various web browsers.
No responses yet.