One drawback of any service requiring an account is that of using it on a computer that doesn't belong to you. This is both an issue for ease of use (remembering password) and security (monitoring software/keyloggers/snoopers). I had the idea earlier of a remedy for this: Kagi Keys (name could be better ik).
Keys would be a randomly-generated 6-word phrase, much like a Bitcoin wallet seed phrase. Keys could be generated by any logged-in Kagi account. Upon generation, Keys are given a label (optional), a search budget, and an expiration date.
Using a Key would be simple, on the login page there would be an additional option of logging in with your unique 6-word phrase. Only this phrase would be needed to login, removing the both the need to remember your password and the security risks of giving your password to an untrusted computer.
Upon logging in with a Key, users would enter a special Kagi session. This session has no access to settings, no access to the session token, and cannot change any domain settings. The idea here is to prevent any access to sensitive user data or changing user settings in case of a compromised Key. Searches can be made as normal, within the search budget provided upon Key generation. Once the user is done with that Key session, they can logout and optionally delete the Key. If the Key isn't deleted upon logout, it remains available until its expiration date.
I believe a system like this could make using Kagi on public/untrusted computers a smoother and more secure experience. If there's any gaping security issue in this I haven't thought of or explained properly please let me know!
