How we picked our login process
Modern authentication systems favor enhanced security over sheer convenience. While an emailed token isn't as immediate as a static password, it offers significant advantages in protecting user data.
Tokens and OAuth
Our system employs OAuth or an email token-based approach. Instead of managing static passwords, we generate unique, time-sensitive tokens that are sent to the user’s email. This minimizes risks like password reuse and reduces vulnerabilities related to credential storage. Similar to banking practices, this approach is designed to safeguard against the evolving landscape of cyber threats.
We cannot confirm or deny
A key security measure is our policy of returning a generic response to every login attempt. We deliberately do not confirm whether an email address is registered in our system. By doing so, we prevent account enumeration, in which attackers would otherwise identify valid accounts by analyzing differences in system feedback. This extra layer of protection significantly curbs the risk of phishing and other targeted attacks.
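The two mechanisms above, a time-sensitive single-use email token and a response that is identical whether or not the address is registered, can be shown together in a small Python sketch. This is an added illustration, not the site's own code: the user table, the outbox that stands in for mail delivery, the 15-minute lifetime and the response wording are all constructed assumptions.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Token lifetime is an assumed value; the page says only "time-sensitive".
TOKEN_TTL_SECONDS = 15 * 60

# Constructed in-memory stand-ins for a user table and a mail queue.
REGISTERED_USERS = {"alice@example.com", "bob@example.com"}
OUTBOX = []          # list of (email, token) that "were sent"
_pending = {}        # email -> (sha256 hex of token, expiry time)

# Identical wording for every request, so the reply never reveals
# whether the address is known to the system.
GENERIC_RESPONSE = "If that address is registered, a sign-in link has been sent."


def _hash_token(token: str) -> str:
    # Store only a hash: a leaked table must not yield usable tokens.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def _deliver_email(email: str, token: str) -> None:
    # Stand-in for handing the message to a mail queue.
    OUTBOX.append((email, token))


def request_login(email: str, now: Optional[float] = None) -> str:
    """Issue a one-time sign-in token and return the same message
    regardless of whether `email` is registered."""
    now = time.time() if now is None else now
    email = email.strip().lower()
    # Generate and hash a token on every path so the work done does not
    # differ noticeably between known and unknown addresses.
    token = secrets.token_urlsafe(32)
    digest = _hash_token(token)
    if email in REGISTERED_USERS:
        _pending[email] = (digest, now + TOKEN_TTL_SECONDS)
        _deliver_email(email, token)
    return GENERIC_RESPONSE


def verify_token(email: str, token: str, now: Optional[float] = None) -> bool:
    """Return True exactly once for a fresh, unexpired token issued to `email`."""
    now = time.time() if now is None else now
    email = email.strip().lower()
    record = _pending.get(email)
    if record is None:
        return False
    digest, expires_at = record
    if now > expires_at:
        _pending.pop(email, None)   # expired: discard so it cannot be retried
        return False
    if not hmac.compare_digest(digest, _hash_token(token)):
        return False                # wrong token; record stays until expiry
    _pending.pop(email, None)       # single use: consume on success
    return True


if __name__ == "__main__":
    # Same reply for a known and an unknown address.
    print(request_login("alice@example.com"))
    print(request_login("nobody@example.com"))
    sent_to, sent_token = OUTBOX[0]
    print("first use:", verify_token(sent_to, sent_token))
    print("second use:", verify_token(sent_to, sent_token))
```

The body of the reply is only half of the picture: response status code, headers and elapsed time must also match across the two paths, which is why the token is generated and hashed even for unknown addresses and why real mail delivery belongs in a background queue rather than on the request path.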
Most advanced yet acceptable
Though this method may introduce a small inconvenience compared to a simple password, it represents a practical balance between advanced security and user experience. The trade-off ensures robust protection while maintaining an acceptable level of usability, much like the security measures employed by financial institutions.