euanlawson

I’m slightly frustrated with the email-only sign in with micro.blog. I like to stay out of my inbox unless I’m in there clearing it. Being forced there to log in is digitally coercive. Why can’t I just use a password, folks?

jean

@euanlawson Hi Euan, I definitely understand about wanting to avoid a visit to your inbox. If you're signed in, you should be set, unless you sign out again. Is there a reason you need to sign in frequently? You could also use an app token for a variety of Micro.blog-enabled apps. help.micro.blog/t/signing...

euanlawson

@jean Hi Jean. Thanks for the reply. Yes, no worries - I can cope with it! It was worse when I was signing into various devices at first but I’ve not had to again since that initial flurry and is all cool. 👍

jean

@euanlawson Oh good! I worried something was making it more onerous than it needs to be.

euanlawson

@jean One bit of feedback so you don’t think I’ve just turned up and started grousing! The ability to change the highlight colour in the iOS app is very welcome. It defaulted to red (dark background) which is very hard for us colourblind types to see so was super-chuffed to be able to change it. Makes huge difference to accessibility/usability. Thank you!!

jean

@euanlawson Tagging @manton, who is the brains of this outfit, so he will see this.

manton

@euanlawson @jean Great feedback, thanks. For the lack of passwords, we're also going to be adding text verification as an option soon, because browsers handle auto-filling that so well now without leaving the app. I think there's more we can do to improve this.

mcg

@manton Text verification isn’t great from a security standpoint. If that matters.

manton

@mcg Yeah, I have heard the stories about SMS exploits. When we experiment with this, it'll be optional. (This is also why I've resisted M.b features that use private data, like protected posts or direct messaging, so in the case of a hack there isn't much to steal.)

rom

@manton @mcg I agree. Please do not use SMS. U2F might be a better option. And yes, no passwords please. There is an inconvenience of having to go to your mailbox to log in, but it is a minor one. Maybe being able to generate login tokens from the iOS app would be nice, too (no need to go to your mailbox, right?).

Moondeer

@rom I tend to feel like I am getting the best of both worlds with accounts set up to use my memorable (unsafeish) password plus a 2FA token spit out for me by MyKi. I haven't kept up on exploits and cryptology so no idea if I actually am safe.

rom

@Moondeer as long as you know your threat model and manage the risk, you're good. :)
