2lewd discussion

by Melancholy

dennsing
Lewdmaster Flex
Kohai
Posts: 135
Threads: 5
Joined: Apr 2016
Reputation: 3
07-05-2016, 12:56 AM
#43726 (26)
I have no clue what you are talking about but dropping passwords for.. whatever it's replacing it seems weird and scary and different and im scared

Can someone ELI5 what the new system is and why it would be better
Backlash
Thread Necromancer
Nephilim
Posts: 995
Threads: 33
Joined: Oct 2015
Reputation: 15
07-05-2016, 01:06 AM
#43731 (27)
(07-05-2016, 12:11 AM)tn5421 Wrote: I think you should just enable 2 factor authentication, personally.  I, like most other users, use some kind of password manager and this would inconvenience the large majority of us should passwords not be allowed.  I think that this would be fine as an opt-in or even an opt-out measure, though, as long as there were some way to not use it.

Aye, a choice would be best. But given the options, I'd probably stick with a traditional username/password system over this whole email shebang. The latter just seems like more trouble than it's worth, plus it might alienate new users.

Not gonna lie: if that was the policy back when I joined, I probably wouldn't be typing up this post right now.

(07-04-2016, 08:49 PM)Melancholy Wrote: If we do add it, we will also have SSO options; like Farcebook, Steam, Google+, whatever.

Pls no.

I've always considered Lewd to be its own separate, insulated, self-sufficient community. While SSO options might bring more users to the forums, odds are that anyone who's actually, genuinely interested in the community would've taken the time to make an account.

Besides. While we've got plenty of users that made a dozen posts and fucked off elsewhere, the alternative would be infinitely worse. I'd really, really prefer if Lewd didn't go the way of Usenet.

Red
Vampire hunter/metaphysician
Music
Posts: 59
Threads: 1
Joined: Sep 2015
Reputation: 2
07-05-2016, 02:19 AM
#43733 (28)
This is only a good idea if users can choose to have the emails encrypted with their pubkey.
To be perfectly honest I don't see the need for this kind of security.
Are you perhaps doing it because it's technically easier to accomplish?
In any case it will almost certainly decrease traffic, is it worth it?.
I do not think it is.

Domine, quo vadis?
[+] 1 user loves Red's post
PetersPark
(✿◕‿◕)
lainchan
Posts: 41
Threads: 1
Joined: Jan 2016
Reputation: 0
07-05-2016, 03:23 AM
#43738 (29)
(07-04-2016, 10:33 PM)snow Wrote:
(07-04-2016, 10:16 PM)floattube Wrote: I think I would prefer passwords tbh. Just seems inconvenient to me. But it isn't my website and it isn't something that will drive me away.

This is pretty much my sentiment regarding the email login instead of passwords. I also don't like the only other options being to login with another account of mine. I don't want to link shit just so I can login, I'd rather just input a password. None of that facebook, steam, g+ or email bs.
Well your account is already tied to your email. While not impossible, it's pretty hard to tie your account to nothing else,without getting lots of spam. 

I still don't really understand how this is any more inconvenient. We have to give our email anyways so for our first login it's just one step less. For any next login instead of opening your password manager you have to open your email client. 

It probably is easier to implement this instead of proper password storage and as we have seen over and over again, this doesn't even seem to exist, since lots of websites got their password db breached. 

It certainly would make sense to add a pub key. Even Facebook nowadays supports encrypted pgp mails. 

I think the worst thing about it, is that we just aren't used to it.
seel
flat is justice
Pumpkin
Posts: 1,240
Threads: 41
Joined: Oct 2015
Reputation: 13
07-05-2016, 04:31 AM
#43739 (30)
(07-05-2016, 03:23 AM)PetersPark Wrote:
(07-04-2016, 10:33 PM)snow Wrote:
(07-04-2016, 10:16 PM)floattube Wrote: I think I would prefer passwords tbh. Just seems inconvenient to me. But it isn't my website and it isn't something that will drive me away.

This is pretty much my sentiment regarding the email login instead of passwords. I also don't like the only other options being to login with another account of mine. I don't want to link shit just so I can login, I'd rather just input a password. None of that facebook, steam, g+ or email bs.
Well your account is already tied to your email. While not impossible, it's pretty hard to tie your account to nothing else,without getting lots of spam. 

I still don't really understand how this is any more inconvenient. We have to give our email anyways so for our first login it's just one step less. For any next login instead of opening your password manager you have to open your email client. 

It probably is easier to implement this instead of proper password storage and as we have seen over and over again, this doesn't even seem to exist, since lots of websites got their password db breached. 

It certainly would make sense to add a pub key. Even Facebook nowadays supports encrypted pgp mails. 

I think the worst thing about it, is that we just aren't used to it.

I don't use a password manager, so an extra step is simply just annoying. I'm not against change, and I certainly will give the feature its fair shot despite my current feelings towards it. I just don't want to open my email every time I have to login, much like I don't want to open my phone every time I want to login to steam. Guess I'll get over it and complain under my breath, we'll see.

RX14
Chibi Hentai Master
Optimist
Posts: 506
Threads: 5
Joined: Nov 2015
Reputation: 2
07-05-2016, 06:29 AM (This post was last modified: 07-05-2016, 06:30 AM by RX14.)
#43741 (31)
Important stuff at the bottom of this post, even if you don't read the replies please read that.

(07-04-2016, 06:30 PM)PetersPark Wrote: I've been using mozilla persona as my only login authentication on my website and it worked out great. I think this is the way to go and with 2fa it would be even greater. (sure an ssh key would also be awesome)

Unfortunately Persona is shutting down, so we can't use that. It also requires client-side javascript which is something I wish to avoid.

(07-04-2016, 10:33 PM)snow Wrote:
(07-04-2016, 10:16 PM)floattube Wrote: I think I would prefer passwords tbh. Just seems inconvenient to me. But it isn't my website and it isn't something that will drive me away.

This is pretty much my sentiment regarding the email login instead of passwords. I also don't like the only other options being to login with another account of mine. I don't want to link shit just so I can login, I'd rather just input a password. None of that facebook, steam, g+ or email bs.

Any social media logins would be optional alternatives.

(07-04-2016, 11:30 PM)Nodoudt Wrote: I gave the article a solid readthrough, and after the two or three times I went over it, the notion of e-mail security does seem like a novel idea, but perhaps one that needs to be fully fleshed-out in order to be implemented properly.

Personally, I feel that passwords provide a general level of security that should be suitable for most applications, and I certainly doubt that we have a wealth of valuable (albeit personal) information that is worth stealing. Of course, the e-mail system places less accountability on the website administration in the event of a breach, but the likelihood of that is very low in my opinion - especially for a small community such as this. It does seem exciting to adopt this new method of security, but I would at least advise some caution in doing so as it's still a fledgling concept.

The other point to mention is user experience.

Anyone who has ever used a forum is familiar with quickly typing in their username and password and jumping right into a thread - that's how it's always been. The familiarity and procedure of "logging in" would be the biggest hurdle to overcome. Most users might be hesitant to change over methods, but I'm sure they'd get used to it.

In all, this could be a great new way to protect Lewd's users, and the website is new enough that it can adopt the new system without too much of a fuss.

That being said, perhaps it would be best to issue a sitewide poll, and let them decide what they're more comfortable with.

First of all, protecting passwords in the case of a breach is actually not that hard: just use bcrypt. Crystal provides a really handy wrapper to manage passwords (Crypto::Bcrypt::Password), so I believe we can provide a very high level of password security even in the case of a breach. Second of all, I don't believe that removing passwords provides much more security, that would come through the use of 2fa.

(07-05-2016, 12:11 AM)tn5421 Wrote: I think you should just enable 2 factor authentication, personally.  I, like most other users, use some kind of password manager and this would inconvenience the large majority of us should passwords not be allowed.  I think that this would be fine as an opt-in or even an opt-out measure, though, as long as there were some way to not use it.

2fa is orthogonal to this email auth suggestion. 2fa is just that, a second factor, it should not be relied on to be the first and only source of authentication to log into a site. I belive password + 2fa would be much more effort to gogin with than email auth, and unless we turn off password reset for people with 2fa (we could do that!) it's no more secure.

(07-05-2016, 01:06 AM)RevonZZ Wrote:
(07-04-2016, 08:49 PM)Melancholy Wrote: If we do add it, we will also have SSO options; like Farcebook, Steam, Google+, whatever.

Pls no.

I've always considered Lewd to be its own separate, insulated, self-sufficient community. While SSO options might bring more users to the forums, odds are that anyone who's actually, genuinely interested in the community would've taken the time to make an account.

Besides. While we've got plenty of users that made a dozen posts and fucked off elsewhere, the alternative would be infinitely worse. I'd really, really prefer if Lewd didn't go the way of Usenet.

I'm not too sure about this, you're saying that having SSO auth would mean that new users would find it "too easy" and we would get laods of users that make a few posts and go elsewhere? There's something for that, sure, making an account is an investment and people who make that investment are more likely to stay invested and stick around. However I don't think people making a few posts then leaving is especially a bad thing, and if their posts got any notifications they will get an email and might even come back!

(07-05-2016, 03:23 AM)PetersPark Wrote:
(07-04-2016, 10:33 PM)snow Wrote:
(07-04-2016, 10:16 PM)floattube Wrote: I think I would prefer passwords tbh. Just seems inconvenient to me. But it isn't my website and it isn't something that will drive me away.

This is pretty much my sentiment regarding the email login instead of passwords. I also don't like the only other options being to login with another account of mine. I don't want to link shit just so I can login, I'd rather just input a password. None of that facebook, steam, g+ or email bs.
Well your account is already tied to your email. While not impossible, it's pretty hard to tie your account to nothing else,without getting lots of spam. 

I still don't really understand how this is any more inconvenient. We have to give our email anyways so for our first login it's just one step less. For any next login instead of opening your password manager you have to open your email client. 

It probably is easier to implement this instead of proper password storage and as we have seen over and over again, this doesn't even seem to exist, since lots of websites got their password db breached. 

It certainly would make sense to add a pub key. Even Facebook nowadays supports encrypted pgp mails. 

I think the worst thing about it, is that we just aren't used to it.

Once again, password storage isn't an issue, most of these sites that got hacked are old and didn't use modern (or even best in their day) security practices. Bcrypt is amazingly expensive to calculate, and salted, so basically nearly impossible to crack if you choose the correct work factor. As always with password storage: just use bcrypt.

(07-05-2016, 04:31 AM)snow Wrote:
(07-05-2016, 03:23 AM)PetersPark Wrote:
(07-04-2016, 10:33 PM)snow Wrote:
(07-04-2016, 10:16 PM)floattube Wrote: I think I would prefer passwords tbh. Just seems inconvenient to me. But it isn't my website and it isn't something that will drive me away.

This is pretty much my sentiment regarding the email login instead of passwords. I also don't like the only other options being to login with another account of mine. I don't want to link shit just so I can login, I'd rather just input a password. None of that facebook, steam, g+ or email bs.
Well your account is already tied to your email. While not impossible, it's pretty hard to tie your account to nothing else,without getting lots of spam. 

I still don't really understand how this is any more inconvenient. We have to give our email anyways so for our first login it's just one step less. For any next login instead of opening your password manager you have to open your email client. 

It probably is easier to implement this instead of proper password storage and as we have seen over and over again, this doesn't even seem to exist, since lots of websites got their password db breached. 

It certainly would make sense to add a pub key. Even Facebook nowadays supports encrypted pgp mails. 

I think the worst thing about it, is that we just aren't used to it.

I don't use a password manager, so an extra step is simply just annoying. I'm not against change, and I certainly will give the feature its fair shot despite my current feelings towards it. I just don't want to open my email every time I have to login, much like I don't want to open my phone every time I want to login to steam. Guess I'll get over it and complain under my breath, we'll see.

I've never said that we are definitely going to implement this authentication, so you might not have to complain under your breath after all.



It seems, from reading the responses in this thread that the main issue people see with this login scheme is usability. And I'll agree with that, it can take more time  to use than username and  password, although less so if you use a password manager. When I was contemplating this idea, I made the assumption that logging into lewd is not a frequent operation, and for me it certainly isn't. I have logged into lewd maybe 5 times, ever. But lewd has quite a different demographic than most websites, so these assumptions might be invalid. The question "is this overhead worth it" depends on two things: how often you log in and what benefits it brings.

I have set up a strawpoll for how often you actually log into lewd, that is how often you type your password, not how often you use lewd. Please vote here: http://www.strawpoll.me/10669874

As for the benefits, here they are:
  • Lewd doesn't have to store your password, it can't be leaked through us. (Unlikely anyway, see above.)
  • The problem of using passwords from other sites to try and login (to lewd) is gone.
  • You don't have to remember yet another password, or use a password manager (you are using different password for all your sites, right?)
  • Your mail provider (should, please don't use yahoo) implement 2fa, good password security etc. so we don't have to.
  • You don't have to install a password manager on your phone and fuck with copying password from that just to login.
Once we have the data on how often people log into lewd, we should have a better idea on whether implementing this authentication pattern is worth it.

[Image: 68747470733a2f2f6177772e6d6f652f683731666e372e706e67]
English animemester
malmon
nya?
Torrents
Posts: 1,098
Threads: 18
Joined: Nov 2015
Reputation: 12
07-05-2016, 10:57 AM (This post was last modified: 07-05-2016, 11:52 AM by malmon.)
#43743 (32)
I guess I'm probably a bit late to the party, but honestly I would just prefer username & password with optional 2FA. I don't like the idea of relying on the security of another system.

While we're here, might I suggest a feature that allows us to see people's old avatars (like old nicks on Steam). I almost exclusively remember people by avatar, so it gets a bit annoying when I can't tell who's who :P

[Image: 68747470733a2f2f752e6e79612e69732f77757466626d2e6a7067]
moeki
Unique
Posts: 297
Threads: 9
Joined: Dec 2015
Reputation: 8
07-05-2016, 02:39 PM (This post was last modified: 07-05-2016, 02:41 PM by moeki.)
#43752 (33)
personally i only log in when i'm secretly checking lewd in college, ahem. so replacing passwords with email would for me only mean that i can't message melon from college! which i can also do via email! so i would be okay with either option! passwords sound somewhat simpler to me but that's just me not knowing much, and i'm sure that using emails would be just as good and would only take some getting used to! <3

[Image: 68747470733a2f2f752e706f6d662e69732f7071...6a2e676966]
Alexual
Pretty cool
qt
Posts: 26
Threads: 1
Joined: Mar 2016
Reputation: 3
07-05-2016, 02:53 PM
#43753 (34)
I think the email idea is neat.
Security over comfort in this case.
dokuro
Junior Member
Kohai
Posts: 2
Threads: 0
Joined: Apr 2016
Reputation: 0
07-05-2016, 04:02 PM
#43755 (35)
How can anyone think this is a good idea, you fucking retards? You are removing a layer of security and making things inconvenient for everyone. I'd also like to point out that this is a forum for faggot weeaboos that literally no one cares about. What the fuck kind of hacker would target you when there's nothing valuable to store on your accounts here?
[+] 3 users love dokuro's post
Itanium2
Intel Inside
Kohai
Posts: 5
Threads: 1
Joined: Jul 2016
Reputation: 0
07-05-2016, 04:03 PM
#43756 (36)
Installing Oracle Solaris is the only way to secure this site.

sh!t
[+] 2 users love Itanium2's post
Melancholy
すけべ
Admin
Posts: 3,871
Threads: 213
Joined: Jul 2014
Reputation: 60
07-05-2016, 04:29 PM
#43758 (37)
(07-05-2016, 04:02 PM)dokuro Wrote: What the fuck kind of hacker would target you when there's nothing valuable to store on your accounts here?

kids have tried

RX14
Chibi Hentai Master
Optimist
Posts: 506
Threads: 5
Joined: Nov 2015
Reputation: 2
07-05-2016, 05:13 PM
#43759 (38)
(07-05-2016, 04:02 PM)dokuro Wrote: How can anyone think this is a good idea, you fucking retards? You are removing a layer of security and making things inconvenient for everyone. I'd also like to point out that this is a forum for faggot weeaboos that literally no one cares about. What the fuck kind of hacker would target you when there's nothing valuable to store on your accounts here?

Maybe if you had read the article, or any of my previous explanations, instead of insulting the whole forum, you would have realised that this does not decrease security at all.

[Image: 68747470733a2f2f6177772e6d6f652f683731666e372e706e67]
English animemester
dokuro
Junior Member
Kohai
Posts: 2
Threads: 0
Joined: Apr 2016
Reputation: 0
07-05-2016, 05:17 PM (This post was last modified: 07-05-2016, 05:21 PM by dokuro.)
#43760 (39)
(07-05-2016, 05:13 PM)RX14 Wrote:
(07-05-2016, 04:02 PM)dokuro Wrote: How can anyone think this is a good idea, you fucking retards? You are removing a layer of security and making things inconvenient for everyone. I'd also like to point out that this is a forum for faggot weeaboos that literally no one cares about. What the fuck kind of hacker would target you when there's nothing valuable to store on your accounts here?

Maybe if you had read the article, or any of my previous explanations, instead of insulting the whole forum, you would have realised that this does not decrease security at all.

Except it does. You are removing a security layer. In what way does that not decrease security? Consolidating the logins to a single location reduces the size of the target vector needed for a hacker to get into all of your accounts.
Melancholy
すけべ
Admin
Posts: 3,871
Threads: 213
Joined: Jul 2014
Reputation: 60
07-05-2016, 05:23 PM
#43761 (40)
(07-05-2016, 05:17 PM)dokuro Wrote:
(07-05-2016, 05:13 PM)RX14 Wrote:
(07-05-2016, 04:02 PM)dokuro Wrote: How can anyone think this is a good idea, you fucking retards? You are removing a layer of security and making things inconvenient for everyone. I'd also like to point out that this is a forum for faggot weeaboos that literally no one cares about. What the fuck kind of hacker would target you when there's nothing valuable to store on your accounts here?

Maybe if you had read the article, or any of my previous explanations, instead of insulting the whole forum, you would have realised that this does not decrease security at all.

Except it does. You are removing a security layer. In what way does that not decrease security? Consolidating the logins to a single location reduces the size of the target vector needed for a hacker to get into all of your accounts.

If they have access to your email anyway, they can just reset your passwords on everything you use..

TheXzoron
Junior Member
Kohai
Posts: 10
Threads: 1
Joined: Jan 2015
Reputation: 0
07-05-2016, 05:57 PM (This post was last modified: 07-05-2016, 06:04 PM by TheXzoron.)
#43762 (41)
(07-05-2016, 05:23 PM)Melancholy Wrote: If they have access to your email anyway, they can just reset your passwords on everything you use..

360 million reasons to destroy the idea of email auth


Remember Myspace? No I'm 12

Anyway disregarding my distaste of that article's writing style the whole passwordless login idea is dumb because every time I sign in I will have to wait for some email to go though which could get caught up in someone's spam filter or not get sent yada yada misdelivereries happen and then copy paste the string they give me also the excuse "Oh I only login once in a blue moon" doesn't work for people who change devices or like me delete their sessions entirely so they'd have to do this repeatedly, which after the attacker sends the email they can still bruteforce to guess it anyway just like a password unless you have a timeout. Thus it doesn't increase the security at all considering low and behold the email even if you have multiple auths is guarded by a password at some degree that when compromised gives access to all higher layers. So why make them go after the email which contains many things when they could just go after one account for one site.
All in One
( ˃ ヮ˂)
Torrents
Posts: 272
Threads: 3
Joined: May 2016
Reputation: 2
07-05-2016, 06:58 PM
#43764 (42)
(07-05-2016, 05:23 PM)Melancholy Wrote: If they have access to your email anyway, they can just reset your passwords on everything you use..

Is this not what security questions are for?

[Image: 68747470733a2f2f752e6e79612e69732f6b7364717a782e706e67]
floattube
Sharing: For a better tomorrow
Torrents
Posts: 261
Threads: 4
Joined: Apr 2016
Reputation: 2
07-05-2016, 07:51 PM
#43767 (43)
(07-05-2016, 04:03 PM)Itanium2 Wrote: Installing Oracle Solaris is the only way to secure this site.

Can't believe people are ignoring this grand advice.
Backlash
Thread Necromancer
Nephilim
Posts: 995
Threads: 33
Joined: Oct 2015
Reputation: 15
07-05-2016, 08:10 PM (This post was last modified: 07-05-2016, 08:12 PM by Backlash.)
#43768 (44)
Revisiting one of my previous statements, I'd like to mention that one of the reasons I joined Lewd was how comfy it was (and still is), and one of the reasons I appraised it as such was the ease with which I could create my account and start posting. Certainly, email logins are markedly more secure, but I'd never even heard of them before reading this thread. I can say with surety that, if such a system were implemented previous to my discovery of Lewd, it would've confused me enough that I wouldn't even bother returning after a while.

As an aside, I'd also like to point out that if such a system were implemented, it'd probably resemble Google's uber-annoying two-step verification process. Sure, you wouldn't have to remember a password on paper, but that only applies when you're on one computer and using one browser. Imagine if you've got multiple browsers on multiple machines like me; every separate login means yet another trip to my inbox. If it's a chore for dedicated users like me, then new users are likely to deem it a waste of time, and leave for greener pastures.

It's kinda hard for me to find words right now, so I'll keep it short: Implementing email login as the default (or only) method to access Lewd is an incredibly bad idea, simply because most people aren't used to it. As such, we ought to maintain the traditional username-and-password login by default, and offer the new method as an optional layer of security for anyone who's interested.

Melancholy
すけべ
Admin
Posts: 3,871
Threads: 213
Joined: Jul 2014
Reputation: 60
07-05-2016, 11:26 PM
#43769 (45)
I'd recommend reading the article in its entirety, it addresses a lot of the points people are making here.

Nodoudt
Happy To Be Here
Kohai
Posts: 34
Threads: 2
Joined: Jun 2016
Reputation: 1
07-06-2016, 12:55 AM
#43772 (46)
Just a thought, but...

If this new login method is (from what I understand to be) easy to implement - would it then not be too crazy of an idea to simply update Lewd to the new system for a day or two? Then see what the overall user response is?

As long as it is clearly communicated to the site that a test is being conducted - and you are able to revert to the old manner of doing things with relative ease, I don't see how there could be any major issues with doing so.

Although, it does place extraordinarily high accountability on whomever pulls the trigger, especially in the case of a misfire.

To me, it seems as though the only major hangups over this are the speed at which the login link is sent, and how "secure" users actually feel with the using new method. Aside from that, I would say that giving this it's own "beta test" could serve to help us better understand what we're dealing with.

I hope that isn't too extreme of a proposal, but I feel it's certainly one worth considering.

- Nodoudt
[+] 1 user loves Nodoudt's post
Zigzagoon
Junior Member
Kohai
Posts: 13
Threads: 0
Joined: Oct 2015
Reputation: 0
07-06-2016, 03:16 AM
#43779 (47)
From how it sounds like it, well for me, that it is going to how steam log us in; like when you log in somewhere new it give us the code to input that was send to make sure it us except here it just we are telling the site to send an email then going to our email to actually log us in to the site...if what I said make sense as I just making sure I understand what (trying) to happen lol and it is true then I would accept the change to a non-password log in.

My only question would be that the email is have a special code to have us enter to log in the site or like a special link to click on?
Cat
Meow
Kohai
Posts: 8
Threads: 2
Joined: Jun 2016
Reputation: 0
07-06-2016, 03:53 AM (This post was last modified: 07-06-2016, 03:53 AM by Cat.)
#43780 (48)
A bit off topic, but I do love how dedicated you are that you're willing to rewrite the entire forum just for increased efficiency and easier ability to implement features. Or maybe it's because you have nothing better to do lmao. However on the subject of the login method, I definitely prefer the classic email/username and password method. It's simple, tried and tested, and very effective. No need to reinvent the wheel unnecessarily.

[Image: 687474703a2f2f692e696d6775722e636f6d2f4a...6a2e676966]
RX14
Chibi Hentai Master
Optimist
Posts: 506
Threads: 5
Joined: Nov 2015
Reputation: 2
07-06-2016, 01:57 PM
#43803 (49)
(07-06-2016, 03:53 AM)Cat Wrote: A bit off topic, but I do love how dedicated you are that you're willing to rewrite the entire forum just for increased efficiency and easier ability to implement features. Or maybe it's because you have nothing better to do lmao. However on the subject of the login method, I definitely prefer the classic email/username and password method. It's simple, tried and tested, and very effective. No need to reinvent the wheel unnecessarily.

It's the latter, need something to do in the summer break haha.

[Image: 68747470733a2f2f6177772e6d6f652f683731666e372e706e67]
English animemester
[+] 1 user loves RX14's post
Zee Quality
Junior Member
Kohai
Posts: 12
Threads: 1
Joined: Nov 2015
Reputation: 0
07-08-2016, 10:28 PM
#43875 (50)
(07-05-2016, 05:57 PM)TheXzoron Wrote: 360 million reasons to destroy the idea of email auth

Not only that, but given that most web mail clients themselves ask for two-factor authentication based on your phone, and require it even for new accounts, I don't see how asking for it here would help much. To me, passworless login sounds like another step toward handing all electronic security over to direct management by a lone central authority.

Lately, I've been using http://angel.net/~nic/passwd.current.html to generate unique passwords for different sites. It could probably be improved in a number of ways, but the general concept of using hashes on the client side to generate different passwords rather than encrypting them sounds nice.

(07-04-2016, 08:49 PM)Melancholy Wrote: If we do add it, we will also have SSO options; like Farcebook, Steam, Google+, whatever.

If you have SSO, would you allow for OpenID accounts, like Livejournal and Dreamwidth?
[+] 1 user loves Zee Quality's post