I haven't really looked into this, but is this really more secure than passwords? Ok, ignoring the majority of passwords are something like `password`, given you store the secret key in plain text, if your database gets hacked, doesn't that mean you can access everyones account?

really useful!!