Why are no passwords used?
As of 29th of November 2016 we no longer use the obsolete password-based authentication, passwords have been proven to be insecure and too predictable, instead we have advanced to token-based authentication which is indefinitely more secure and brings many benefits for both you (the user) and us (the service provider). Please keep reading if you would like to know why we have made this decision and what this means for your account security.
It's damn easy.
Remember those ol'days? When you sign up you had to think of a password, which had to be at least 8 characters long and then you also had to remember that darn thing. Good thing that is all history, now you just enter your e-mailaddress and click on the link sent to your inbox and you are signed in and we have verified your e-mailaddress, all at once! Additionally we also got rid of the "forgot my password"-page, phew!
Is it really safer?
- No more "password123" or "john1989" as your password. As you probably can imagine your passwords are most likely incredibly predictable, since you need to remember it. With the new token-based authentication you sign in using a super long random sequence of characters (a "one-time password") which is cryptographically secure, one-time use and only valid for 15 minutes.
- If someone would ever get unauthorized access to our database they would not get to know your password, because we simply don't have them. Not that would get to know your password either way, but they would get their hands on the "hashed version" instead, which can still be brute-forced.
- One less of the many accounts you have to worry about!
- People phishing your account is history now. We have already seen it several times happening, phishers copying our sign in page and trying to obtain your login credentials, with this new method it's no longer possible.
Only thing you have to do now.
All you have to do right now is to keep your email address safe, the best way to do this is to enable two-factor authentication. Most e-mailproviders have this, such as: Gmail, Outlook, Yahoo Mail and Zoho mail.