(07-04-2016, 04:50 PM)Utsutsu Wrote: idk wouldn't you just get like 5 emails daily? kinda spammy or..?
It's every time you actually log in to lewd, so for most people, thats when they start using lewd with a new computer. I've only actually logged in to lewd maybe 3 times, ever.
(07-04-2016, 05:03 PM)VyraLove Wrote: My opinion, after reading that article, is that it makes no difference to me because apparently it's the same level of security anyways. I also have what's it called.. the authenticator security stuff on my email anyway so I don't have to worry about it.
Yeah, having authenticatior on your email means that your email is pretty secure, and therefore your lewd account is pretty secure by proxy.
(07-04-2016, 05:17 PM)Caffeine Wrote: Signing in via email while much more convenient seems (at least on paper) a lot less safe seeing as anyone who gains access to your email also has access to your lewd account whereas so long as you can remember your lewd password your account is slightly safer.
As the article, AND the OP said, if someone gains access to your email, they can use the password reset functionality to gain access to your account regardless. THis authentication provides the same or MORE security because there's only one way to access your account (email) instead of two (email, password).
(07-04-2016, 05:26 PM)Kusoneko Wrote: That sort of sounds weird, usually you'd want to improve security by combining email + password + authenticator, not remove security layers (here the password layer) that result in relatively the same level of insecurity as before. Plus, like Utsutsu said, it'd get kinda spammy for emails, and it's quite honestly a major pain in the ass personally, as I tend to go deal with my emails on my phone, thus using the login link from the email on a phone would result in a pretty big fail cause the phone would be the one logged in, not my PC's browser. So, instead of just going on the website, typing my password, and getting in, I'd need to go on the website, type in my username, try to remember which email address out of my 4 addresses I used for this site, go to the website to access the email inbox for the right one of them, login to that email address, wait for the login email to come (which might not come considering how shitty email services are sometimes, with emails being sent but never received, not even in the spam box) if it still hasn't arrived during the 20 previous steps, and then click the link in that email to finally get logged in? Sounds like more trouble than it's worth.
It could send you a link, or time-based PIN. Then you could log in using your phone. As said, the current situation is that breach of email == breach of lewd account regardless, so it's the same security level. As for adding 2FA to lewd, I'm up for that, and that would be my preferred method for securing lewd (email + 2fa, no password reset possible), but with just email access for people who don't want 2fa.