Conversation

Notices

1. rugk -> ⚠️ Follow me at https://social.wiuwiu.de/@rugk (rugk@gnusocial.de)'s status on Friday, 12-Jan-2018 10:45:53 UTC rugk -> ⚠️ Follow me at https://social.wiuwiu.de/@rugk
   This "passwordless login" thing is driving me crazy. For users with password managers, it is way to cumbersome to check their mail for each login. With a password manager is is often only one click.
   
   And yes, I am talking about you, #Medium.
   • rugk -> ⚠️ Follow me at https://social.wiuwiu.de/@rugk (rugk@gnusocial.de)'s status on Saturday, 13-Jan-2018 09:40:46 UTC rugk -> ⚠️ Follow me at https://social.wiuwiu.de/@rugk

     • Liberapay
     • Sebastian
     @sebastian Hu? @liberapay just uses mail+password.
   • rugk -> ⚠️ Follow me at https://social.wiuwiu.de/@rugk (rugk@gnusocial.de)'s status on Saturday, 13-Jan-2018 11:33:03 UTC rugk -> ⚠️ Follow me at https://social.wiuwiu.de/@rugk

     • Liberapay
     • Sebastian
     @sebastian @rugk lol, not really @Liberapay?
   • rugk -> ⚠️ Follow me at https://social.wiuwiu.de/@rugk (rugk@gnusocial.de)'s status on Saturday, 13-Jan-2018 11:47:00 UTC rugk -> ⚠️ Follow me at https://social.wiuwiu.de/@rugk

     • Liberapay
     • Sebastian
     @sebastian @liberapay I see… kinda not so nice, I mean we talk about money here… Ugh…
   • rugk -> ⚠️ Follow me at https://social.wiuwiu.de/@rugk (rugk@gnusocial.de)'s status on Saturday, 13-Jan-2018 11:58:31 UTC rugk -> ⚠️ Follow me at https://social.wiuwiu.de/@rugk

     • Liberapay
     • Sebastian
     @sebastian @liberapay Right, but the big difference is: With password reset you notice when someone got into your account (because they must change the password).
     With this passwordless login, you do not notice your mail account is compromised or so. They can just always login as long as you use the same mail.
   • rugk -> ⚠️ Follow me at https://social.wiuwiu.de/@rugk (rugk@gnusocial.de)'s status on Saturday, 13-Jan-2018 12:02:16 UTC rugk -> ⚠️ Follow me at https://social.wiuwiu.de/@rugk

     • Liberapay
     • Sebastian
     @sebastian @liberapay When an attacker has access to the mail account, they can delete all mails. They cannot, in usual password recovery, however, login without actually *changing* the password.
   • rugk -> ⚠️ Follow me at https://social.wiuwiu.de/@rugk (rugk@gnusocial.de)'s status on Saturday, 13-Jan-2018 12:04:20 UTC rugk -> ⚠️ Follow me at https://social.wiuwiu.de/@rugk

     • Liberapay
     • Sebastian
     @sebastian @liberapay YES, but when they ant to access the account, they click the link, enter a password and thus *change it*. When you (as the real user) later want to login, you *do notice* you cannot login anymore.
   • rugk -> ⚠️ Follow me at https://social.wiuwiu.de/@rugk (rugk@gnusocial.de)'s status on Saturday, 13-Jan-2018 12:04:48 UTC rugk -> ⚠️ Follow me at https://social.wiuwiu.de/@rugk

     in reply to

     • Liberapay
     • Sebastian
     @liberapay @sebastian I am currently opening an issue for that, with a detailed explanation.
   • rugk -> ⚠️ Follow me at https://social.wiuwiu.de/@rugk (rugk@gnusocial.de)'s status on Saturday, 13-Jan-2018 12:56:47 UTC rugk -> ⚠️ Follow me at https://social.wiuwiu.de/@rugk

     • Liberapay
     • Sebastian
     @sebastian @liberapay The issue I mentioned: https://github.com/liberapay/liberapay.com/issues/925