Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Would you be OK using a Github login on stuff like this? Or would you be OK just using tokens emailed to you as a means to login? The reason I'm asking is because I don't like passwords and so designed a password-less login system that relies on emailed tokens and 2FA, with either the Authenticator app or texts.


OK, I'll add Github login next week. Thanks.


GitHub login is a great idea for this.

Offering only Google leaves out the majority of small business (and big business!) coders worldwide who rely on Microsoft's small business ecosystem.

To solve in a generalized way consider OpenID Connect (OIDC) that lets you put a stack of "Sign in with [account]" or "Continue with [account]" buttons, easily.

You end up with this:

https://www.xsplit.com/user/auth

And you don't need the complicated "SSO" stuff.

Another example:

https://id.atlassian.com/login

But it's better to not need to implement username/password login at all, meaning you don't have any usernames or passwords to steal or lose.


Or do this: https://github.com/MittaAI/SlothAI/blob/main/SlothAI/web/aut...

That flow sends an auth token by email. I've implemented other versions that use SMS for login with numbers after that flow takes place.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: