As some of you might already know, RX14 and I are working on a new forum software written in the Crystal programming language. We aim to have a software that's more efficient and faster than MyBB, and will be able to add new features to the software with ease. This thread is basically just a way for RX and I to post updates, and ask questions related to the new software. Our first question is pretty important. After reading this article , we sort of agree that dropping passwords completely, and having users sign in via an email that gets sent to them, is better on both our end (we won't be holding your passwords) and your end. "but what if someone gains access to my email account?!" They could just reset your password, there is no difference. So our question is: What is your opinion on dropping passwords altogether and signing in via emails?

idk wouldn't you just get like 5 emails daily? kinda spammy or..?

I don't really care either way. Passwords are fine with me but if you think dropping them will improve security then go ahead. The email thing might get me to check my inbox more often. 43665 idk wouldn't you just get like 5 emails daily? kinda spammy or..? From what I gathered the site just sends you one email with a link that you use to log in from then on.

My opinion, after reading that article, is that it makes no difference to me because apparently it's the same level of security anyways. I also have what's it called.. the authenticator security stuff on my email anyway so I don't have to worry about it.

Utsutsu wrote: idk wouldn't you just get like 5 emails daily? kinda spammy or..? If you login 5 times a day. But most people login once and stay logged in.

Signing in via email while much more convenient seems (at least on paper) a lot less safe seeing as anyone who gains access to your email also has access to your lewd account whereas so long as you can remember your lewd password your account is slightly safer. As for the redesign, I haven't been particularly bothered by the site's speed though I welcome any and all changes so long as the forum's layout stays somewhat similar.

That sort of sounds weird, usually you'd want to improve security by combining email + password + authenticator, not remove security layers (here the password layer) that result in relatively the same level of insecurity as before. Plus, like Utsutsu said, it'd get kinda spammy for emails, and it's quite honestly a major pain in the ass personally, as I tend to go deal with my emails on my phone, thus using the login link from the email on a phone would result in a pretty big fail cause the phone would be the one logged in, not my PC's browser. So, instead of just going on the website, typing my password, and getting in, I'd need to go on the website, type in my username, try to remember which email address out of my 4 addresses I used for this site, go to the website to access the email inbox for the right one of them, login to that email address, wait for the login email to come (which might not come considering how shitty email services are sometimes, with emails being sent but never received, not even in the spam box) if it still hasn't arrived during the 20 previous steps, and then click the link in that email to finally get logged in? Sounds like more trouble than it's worth.

I have mixed feelings about removing the password for receving an email to login. What spung up for this idea to come into action in the future? What if insted of receving an email, set up having to answer 1 or 2 questions that we either choose or enter in personally and enter it in a secure page.

I think the option of having a keyfile or AES256 key (a la SSH) would be nice. I personally use a password manager for all my logins to everything so for the people who have this setup will kind of get screwed over by this system. It's not a terrible idea, but I think having it as a option would be a better idea, alongside a keyfile login method.

Utsutsu wrote: idk wouldn't you just get like 5 emails daily? kinda spammy or..? It's every time you actually log in to lewd, so for most people, thats when they start using lewd with a new computer. I've only actually logged in to lewd maybe 3 times, ever. VyraLove wrote: My opinion, after reading that article, is that it makes no difference to me because apparently it's the same level of security anyways. I also have what's it called.. the authenticator security stuff on my email anyway so I don't have to worry about it. Yeah, having authenticatior on your email means that your email is pretty secure, and therefore your lewd account is pretty secure by proxy. Caffeine wrote: Signing in via email while much more convenient seems (at least on paper) a lot less safe seeing as anyone who gains access to your email also has access to your lewd account whereas so long as you can remember your lewd password your account is slightly safer. As the article, AND the OP said, if someone gains access to your email, they can use the password reset functionality to gain access to your account regardless. THis authentication provides the same or MORE security because there's only one way to access your account (email) instead of two (email, password). Kusoneko wrote: That sort of sounds weird, usually you'd want to improve security by combining email + password + authenticator, not remove security layers (here the password layer) that result in relatively the same level of insecurity as before. Plus, like Utsutsu said, it'd get kinda spammy for emails, and it's quite honestly a major pain in the ass personally, as I tend to go deal with my emails on my phone, thus using the login link from the email on a phone would result in a pretty big fail cause the phone would be the one logged in, not my PC's browser. So, instead of just going on the website, typing my password, and getting in, I'd need to go on the website, type in my username, try to remember which email address out of my 4 addresses I used for this site, go to the website to access the email inbox for the right one of them, login to that email address, wait for the login email to come (which might not come considering how shitty email services are sometimes, with emails being sent but never received, not even in the spam box) if it still hasn't arrived during the 20 previous steps, and then click the link in that email to finally get logged in? Sounds like more trouble than it's worth. It could send you a link, or time-based PIN. Then you could log in using your phone. As said, the current situation is that breach of email == breach of lewd account regardless, so it's the same security level. As for adding 2FA to lewd, I'm up for that, and that would be my preferred method for securing lewd (email + 2fa, no password reset possible), but with just email access for people who don't want 2fa.

Lokorfi wrote: will it remember to keep me logged in? if so i'm all for it because sometimes i have to close out of lewd too. Of course, this system will only be used after manuually logging out, or on a new computer. Where you would enter your password normally. Biggest_Mike wrote: What if insted of receving an email, set up having to answer 1 or 2 questions that we either choose or enter in personally and enter it in a secure page. So, a password? Camo Yoshi wrote: I think the option of having a keyfile or AES256 key (a la SSH) would be nice. I personally use a password manager for all my logins to everything so for the people who have this setup will kind of get screwed over by this system. It's not a terrible idea, but I think having it as a option would be a better idea, alongside a keyfile login method. How will you get screwed over? Just don't add it to your password manager. Your email account details are your new lewd login details. SSH auth (ssh to this ip, type code returned by ssh) would be nice, but a much later thing I would implement.

2lewd discussion

floattube

Itanium2 wrote:
Installing Oracle Solaris is the only way to secure this site.

Can't believe people are ignoring this grand advice.

Backlash

Revisiting one of my previous statements, I'd like to mention that one of the reasons I joined Lewd was how comfy it was (and still is), and one of the reasons I appraised it as such was the ease with which I could create my account and start posting. Certainly, email logins are markedly more secure, but I'd never even heard of them before reading this thread. I can say with surety that, if such a system were implemented previous to my discovery of Lewd, it would've confused me enough that I wouldn't even bother returning after a while.

As an aside, I'd also like to point out that if such a system were implemented, it'd probably resemble Google's uber-annoying two-step verification process. Sure, you wouldn't have to remember a password on paper, but that only applies when you're on one computer and using one browser. Imagine if you've got multiple browsers on multiple machines like me; every separate login means yet another trip to my inbox. If it's a chore for dedicated users like me, then new users are likely to deem it a waste of time, and leave for greener pastures.

It's kinda hard for me to find words right now, so I'll keep it short: Implementing email login as the default (or only) method to access Lewd is an incredibly bad idea, simply because most people aren't used to it. As such, we ought to maintain the traditional username-and-password login by default, and offer the new method as an optional layer of security for anyone who's interested.

clicky

I'd recommend reading the article in its entirety, it addresses a lot of the points people are making here.

Nodoudt

Just a thought, but...

If this new login method is (from what I understand to be) easy to implement - would it then not be too crazy of an idea to simply update Lewd to the new system for a day or two? Then see what the overall user response is?

As long as it is clearly communicated to the site that a test is being conducted - and you are able to revert to the old manner of doing things with relative ease, I don't see how there could be any major issues with doing so.

Although, it does place extraordinarily high accountability on whomever pulls the trigger, especially in the case of a misfire.

To me, it seems as though the only major hangups over this are the speed at which the login link is sent, and how "secure" users actually feel with the using new method. Aside from that, I would say that giving this it's own "beta test" could serve to help us better understand what we're dealing with.

I hope that isn't too extreme of a proposal, but I feel it's certainly one worth considering.

Zigzagoon

From how it sounds like it, well for me, that it is going to how steam log us in; like when you log in somewhere new it give us the code to input that was send to make sure it us except here it just we are telling the site to send an email then going to our email to actually log us in to the site...if what I said make sense as I just making sure I understand what (trying) to happen lol and it is true then I would accept the change to a non-password log in.

My only question would be that the email is have a special code to have us enter to log in the site or like a special link to click on?

Cat

A bit off topic, but I do love how dedicated you are that you're willing to rewrite the entire forum just for increased efficiency and easier ability to implement features. Or maybe it's because you have nothing better to do lmao. However on the subject of the login method, I definitely prefer the classic email/username and password method. It's simple, tried and tested, and very effective. No need to reinvent the wheel unnecessarily.

Steph

Cat wrote:
A bit off topic, but I do love how dedicated you are that you're willing to rewrite the entire forum just for increased efficiency and easier ability to implement features. Or maybe it's because you have nothing better to do lmao. However on the subject of the login method, I definitely prefer the classic email/username and password method. It's simple, tried and tested, and very effective. No need to reinvent the wheel unnecessarily.

It's the latter, need something to do in the summer break haha.

Zee Quality

TheXzoron wrote:
360 million reasons to destroy the idea of email auth

Not only that, but given that most web mail clients themselves ask for two-factor authentication based on your phone, and require it even for new accounts, I don't see how asking for it here would help much. To me, passworless login sounds like another step toward handing all electronic security over to direct management by a lone central authority.

Lately, I've been using http://angel.net/~nic/passwd.current.html to generate unique passwords for different sites. It could probably be improved in a number of ways, but the general concept of using hashes on the client side to generate different passwords rather than encrypting them sounds nice.

Melancholy wrote:
If we do add it, we will also have SSO options; like Farcebook, Steam, Google+, whatever.

If you have SSO, would you allow for OpenID accounts, like Livejournal and Dreamwidth?

Steph

Zee Quality wrote:
Lately, I've been using http://angel.net/~nic/passwd.current.html to generate unique passwords for different sites. It could probably be improved in a number of ways, but the general concept of using hashes on the client side to generate different passwords rather than encrypting them sounds nice.

I use http://masterpasswordapp.com/ which is pretty much exactly this but more multiplatform and has more options. I've been using it for a while and its really quite good.

[deleted]

I don't see how passwords are a security problem if a secure hashing method is used (e.g. bcrypt or scrypt). Why not just add Authy and IP whitelisting?

EDIT: I imagine a lot of people are like me, and they do not store their passwords in their browser. I use randomly generated passwords, and I throw them in LastPass. Logging in is almost automatic for me. Checking for an email every time I login would be annoying.

Steph

matt wrote:
I don't see how passwords are a security problem if a secure hashing method is used (e.g. bcrypt or scrypt). Why not just add Authy and IP whitelisting?

EDIT: I imagine a lot of people are like me, and they do not store their passwords in their browser. I use randomly generated passwords, and I throw them in LastPass. Logging in is almost automatic for me. Checking for an email every time I login would be annoying.

I never said passwords are a security problem. This approach is nearly the same security. I don't view this change as adding security, just a different way of providing it which suits some people better.

From the feedback we have recieved here, it looks like we won't be implementing this change: we'll continue on with our password-based system on 2lewd like we currently have. Maybe we'll add this as an option later - who knows.

Mew

A little bold to use a language that's still in alpha. What made you choose Crystal?

clicky

Mew wrote:
A little bold to use a language that's still in alpha. What made you choose Crystal?

the sex appeal

tn5421

Definitely the hair drills.

clicky

Mew wrote:
A little bold to use a language that's still in alpha. What made you choose Crystal?

In all seriousness, Crystal (while pretty new) is a great, fast language that resembles Ruby and compiles down to native code. I mainly think it was chosen because both RX and I like the language.

Mew

It's fine if you like it, but did you take a look at Elixir? It seems to be what all the Rubyists are flocking to.

clicky

Mew wrote:
It's fine if you like it, but did you take a look at Elixir? It seems to be what all the Rubyists are flocking to.

Crystal compiles into native code and has C bindings, I'd think that'd be better for performance.

Mew

I don't think performance would be a concern with either option, but if you're worried about how Elixir fares, this post has been making the rounds for a while: http://www.phoenixframework.org/v0.7.2/blog/the-road-to-2-million-websocket-connections

Well, I'm not going to try to convince you to change your choice any more than this. I have no experience with either language anyway, I just thought the choice of an alpha language was strange and Elixir seemed to be the obvious alternative.

FukuchiChiisaia

Whatever as long it is more security for us.

Steph

Ok, let me reply because @Melancholy has no idea what he's talking about.

Mew wrote:
A little bold to use a language that's still in alpha. What made you choose Crystal?

Crystal, to me doesn't feel like an alpha langauge. It never randomly segfaults, the compiler never randomly crashes, and in general things just work. The only think thats alpha about it is the pace of breaking changes, which isnt really a problem to small teams such as me and Senpai.

Mew wrote:
It's fine if you like it, but did you take a look at Elixir? It seems to be what all the Rubyists are flocking to.

I have taken a look at Elixir, but i have never used it. Senpai is right that Crystal is faster than Elixir in raw speed, but at the difference we're talking about it really doesn't matter. Speed was not why I chose crystal over Elixir. It's simply experience. I've been a part of the crystal community for quite a while, I know the people in IRC and am just generally comfortable with crystal. Yes, I do need to learn Elixir but I would learn Elixir by doing a project less ambitious than rewriting lewd.

On top of that, crystal is much more similar to ruby than elixir, so senpai will be much more comfortable with it. I'm not really comfortable comparing elixir and crystal any mroe, because I honestly havent tried it much, but crystal has sort of CSP/green threads like erlang/otp does.

« Previous Page Next Page »