2lewd discussion

clicky

As some of you might already know, RX14 and I are working on a new forum software written in the Crystal programming language.

We aim to have a software that's more efficient and faster than MyBB, and will be able to add new features to the software with ease.

This thread is basically just a way for RX and I to post updates, and ask questions related to the new software.

Our first question is pretty important.

After reading this article, we sort of agree that dropping passwords completely, and having users sign in via an email that gets sent to them, is better on both our end (we won't be holding your passwords) and your end.

"but what if someone gains access to my email account?!"

They could just reset your password, there is no difference.

So our question is: What is your opinion on dropping passwords altogether and signing in via emails?

Utsutsu

idk wouldn't you just get like 5 emails daily? kinda spammy or..?

All in One

I don't really care either way. Passwords are fine with me but if you think dropping them will improve security then go ahead. The email thing might get me to check my inbox more often.

43665
idk wouldn't you just get like 5 emails daily? kinda spammy or..?
From what I gathered the site just sends you one email with a link that you use to log in from then on.

VyraLove

My opinion, after reading that article, is that it makes no difference to me because apparently it's the same level of security anyways. I also have what's it called.. the authenticator security stuff on my email anyway so I don't have to worry about it.

clicky

Utsutsu wrote:
idk wouldn't you just get like 5 emails daily? kinda spammy or..?

If you login 5 times a day. But most people login once and stay logged in.

Caffeine

Signing in via email while much more convenient seems (at least on paper) a lot less safe seeing as anyone who gains access to your email also has access to your lewd account whereas so long as you can remember your lewd password your account is slightly safer.

As for the redesign, I haven't been particularly bothered by the site's speed though I welcome any and all changes so long as the forum's layout stays somewhat similar.

Kusoneko

That sort of sounds weird, usually you'd want to improve security by combining email + password + authenticator, not remove security layers (here the password layer) that result in relatively the same level of insecurity as before. Plus, like Utsutsu said, it'd get kinda spammy for emails, and it's quite honestly a major pain in the ass personally, as I tend to go deal with my emails on my phone, thus using the login link from the email on a phone would result in a pretty big fail cause the phone would be the one logged in, not my PC's browser. So, instead of just going on the website, typing my password, and getting in, I'd need to go on the website, type in my username, try to remember which email address out of my 4 addresses I used for this site, go to the website to access the email inbox for the right one of them, login to that email address, wait for the login email to come (which might not come considering how shitty email services are sometimes, with emails being sent but never received, not even in the spam box) if it still hasn't arrived during the 20 previous steps, and then click the link in that email to finally get logged in? Sounds like more trouble than it's worth.

Biggest_Mike

I have mixed feelings about removing the password for receving an email to login. What spung up for this idea to come into action in the future?

What if insted of receving an email, set up having to answer 1 or 2 questions that we either choose or enter in personally and enter it in a secure page.

Camo Yoshi

I think the option of having a keyfile or AES256 key (a la SSH) would be nice. I personally use a password manager for all my logins to everything so for the people who have this setup will kind of get screwed over by this system. It's not a terrible idea, but I think having it as a option would be a better idea, alongside a keyfile login method.

Steph

Utsutsu wrote:
idk wouldn't you just get like 5 emails daily? kinda spammy or..?

It's every time you actually log in to lewd, so for most people, thats when they start using lewd with a new computer. I've only actually logged in to lewd maybe 3 times, ever.

VyraLove wrote:
My opinion, after reading that article, is that it makes no difference to me because apparently it's the same level of security anyways. I also have what's it called.. the authenticator security stuff on my email anyway so I don't have to worry about it.

Yeah, having authenticatior on your email means that your email is pretty secure, and therefore your lewd account is pretty secure by proxy.

Caffeine wrote:
Signing in via email while much more convenient seems (at least on paper) a lot less safe seeing as anyone who gains access to your email also has access to your lewd account whereas so long as you can remember your lewd password your account is slightly safer.

As the article, AND the OP said, if someone gains access to your email, they can use the password reset functionality to gain access to your account regardless. THis authentication provides the same or MORE security because there's only one way to access your account (email) instead of two (email, password).

Kusoneko wrote:
That sort of sounds weird, usually you'd want to improve security by combining email + password + authenticator, not remove security layers (here the password layer) that result in relatively the same level of insecurity as before. Plus, like Utsutsu said, it'd get kinda spammy for emails, and it's quite honestly a major pain in the ass personally, as I tend to go deal with my emails on my phone, thus using the login link from the email on a phone would result in a pretty big fail cause the phone would be the one logged in, not my PC's browser. So, instead of just going on the website, typing my password, and getting in, I'd need to go on the website, type in my username, try to remember which email address out of my 4 addresses I used for this site, go to the website to access the email inbox for the right one of them, login to that email address, wait for the login email to come (which might not come considering how shitty email services are sometimes, with emails being sent but never received, not even in the spam box) if it still hasn't arrived during the 20 previous steps, and then click the link in that email to finally get logged in? Sounds like more trouble than it's worth.

It could send you a link, or time-based PIN. Then you could log in using your phone. As said, the current situation is that breach of email == breach of lewd account regardless, so it's the same security level. As for adding 2FA to lewd, I'm up for that, and that would be my preferred method for securing lewd (email + 2fa, no password reset possible), but with just email access for people who don't want 2fa.

Steph

Lokorfi wrote:
will it remember to keep me logged in? if so i'm all for it because sometimes i have to close out of lewd too.

Of course, this system will only be used after manuually logging out, or on a new computer. Where you would enter your password normally.

Biggest_Mike wrote:
What if insted of receving an email, set up having to answer 1 or 2 questions that we either choose or enter in personally and enter it in a secure page.

So, a password?

Camo Yoshi wrote:
I think the option of having a keyfile or AES256 key (a la SSH) would be nice. I personally use a password manager for all my logins to everything so for the people who have this setup will kind of get screwed over by this system. It's not a terrible idea, but I think having it as a option would be a better idea, alongside a keyfile login method.

How will you get screwed over? Just don't add it to your password manager. Your email account details are your new lewd login details. SSH auth (ssh to this ip, type code returned by ssh) would be nice, but a much later thing I would implement.

Kusoneko

Well, if you implement 2FA as an alternative to this, email login thingy, then I don't really mind.

Steph

Kusoneko wrote:
Well, if you implement 2FA as an alternative to this, email login thingy, then I don't really mind.

It would be email plus 2fa, except you can't reset your 2fa backup codes via email so that it's actually two-factor. Typing a code across from your phone to your PC shouldn't be hard...

Kusoneko

Then, it brings us back to the issue I mentioned earlier: sometimes, emails just don't come. They're not in the inbox, and not in the spam box, even after 30 mins. How do you want to login then? Oh wait, you can't cause that's precisely how you're supposed to. Unlike passwords, which you only need to remember your own password, sending a email depends entirely on some service that sometimes randomly fails.

clicky

Kusoneko wrote:
Then, it brings us back to the issue I mentioned earlier: sometimes, emails just don't come. They're not in the inbox, and not in the spam box, even after 30 mins. How do you want to login then? Oh wait, you can't cause that's precisely how you're supposed to. Unlike passwords, which you only need to remember your own password, sending a email depends entirely on some service that sometimes randomly fails.

Ever since we switched to using mailgun's API for sending emails ₆ months ago or something, we've very rarely had an email not go through.

Steph

Kusoneko wrote:
Then, it brings us back to the issue I mentioned earlier: sometimes, emails just don't come. They're not in the inbox, and not in the spam box, even after 30 mins. How do you want to login then? Oh wait, you can't cause that's precisely how you're supposed to. Unlike passwords, which you only need to remember your own password, sending a email depends entirely on some service that sometimes randomly fails.

Hmmn, I didn't really consider the reliability of email when thinking about this, and I missed your point in your first post sorry, I'll have a think about this one. I have had emails which take way too long to come through myself.

Melancholy wrote:
Kusoneko wrote:
Then, it brings us back to the issue I mentioned earlier: sometimes, emails just don't come. They're not in the inbox, and not in the spam box, even after 30 mins. How do you want to login then? Oh wait, you can't cause that's precisely how you're supposed to. Unlike passwords, which you only need to remember your own password, sending a email depends entirely on some service that sometimes randomly fails.

Ever since we switched to using mailgun's API for sending emails ₆ months ago or something, we've very rarely had an email not go through.

This could be on the recieveing side however, sometimes emails just don't come through.

Kusoneko

That doesn't make email resistant to fails. The issue can come from any point between being sent from lewd's server to being received by the particular mail server that deals with one's email account. Heck, sometimes I get issues between me and the mail server. It certainly isn't your fault if the mail fails past mailgun's stuff, but it is your fault if we can't login because email is the only way to do so, and email is failing for some reason.

PetersPark

I've been using mozilla persona as my only login authentication on my website and it worked out great. I think this is the way to go and with 2fa it would be even greater. (sure an ssh key would also be awesome)

Nyan

I feel a little too uneasy about abolishing passwords. I don't want to go to my email every time I want to log in. (and yes I know it's for every new device)

It's not a bad concept, though. Sure beats trying to remember your password for each site.

clicky

If we do add it, we will also have SSO options; like Farcebook, Steam, Google+, whatever.