Improve login process with email



  • Login to cloud dashboard with email sends a one-time login link. This is problematic for two reasons:

    • It’s terribly insecure. As emails are similar to postcards in the “good old physical world”, everyone with technical capabilities can listen in and therefore grab the link and get unsolicited access to my dashboard
    • It’s very inconvenient. Especially if I want to login from a device that doesn’t have access to email, I have to copy & paste the link to that device and then use it there to get started. That’s not fun at all.

    The other options (login with Google or GitHub) is a no-go in out case as we don’t trust those companies.

    Looks like you want to avoid dealing with passwords, I understand that. But the way it is now isn’t a solution either from my point of view.



  • Is the issue with using an external SSO provider, or specifically with Google and Github?


  • Staff

    We intend to add more auth methods, like username/pwd and later - probably in a paid version - SSO for enterprises. The link expires the moment you use it, so it’s dangerous only if you don’t use it.


  • Staff

    We should look up on how to add support for WebAuthn so we can add second-factor authentication through OS.



  • @zack it’s about logging in with email, not with any of the third party authentication providers.

    It’s good to hear that you’re planning on more auth methods. As you’re looking into WebAuthn you may also want to look into SQRL (https://www.grc.com/sqrl/sqrl.htm)


Log in to reply