
Towards a password-less future

Siddarthan Sarumathi Pandian
·Feb 13, 2017

The Why:

Let me begin this article by saying that OAuth 2.0 is awesome and it's fantastic that you can log on to your favorite websites using applications like Facebook, Google, GitHub or LinkedIn with just a single click. The kickass security that OAuth 2.0 provides you with is amazing as well.

However, there are many people out there who have reservations about using these applications to log on to a particular service and prefer the old-fashioned email and password.

Also, a few of the Hashnoders reached out to us saying that the companies they work for restrict their employees from accessing Facebook, Google, LinkedIn and GitHub at their place of work. Hence, we have decided to add email as an additional way to log in.

The What:

If you look at our homepage right now, you'll see that you can get on Hashnode using email as well (in addition to the existing ways to get on Hashnode). There isn't going to be a password though. Yes, you heard it right.

Whenever you want to log in (or sign up) using your email, we will send a one-time link to your inbox. Clicking on the link will take you to your account on Hashnode. Do note that the link will be valid only for 24 hours.

We were inspired by Slack's password-less login and decided to do the same thing with Hashnode. Yammer, Basecamp and Medium are a few other companies that have already done this. So, what made us not go down the password route?

For starters, you have to remember a password as a user. Setting up a strong password isn't exactly easy either. From an engineering standpoint, you have to make sure you store the passwords very securely in the database. If the security of the database is compromised, it can lead to all kinds of trouble, for most people have the same password across applications.

The How:

When you try to log in or sign up, a random id is generated and stored against your account. The random id is sent to you over email. Never share the link received in your email, since the link basically is like your password now.

The moment you click the link, you will be automatically logged on to Hashnode and the random id that was generated for your login will be destroyed. Please note that you'll be logged on to Hashnode for a period of six months, taking advantage of browser cookies. If you decide to log out or clear your cookies, you can request a new login link from the homepage.
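The flow described above, sketched as an added example (this is not Hashnode's code): a random id is issued per account, expires after 24 hours, and is destroyed on first use. The `MagicLinkStore` class, the in-memory dictionaries, hashing the id before storing it, and invalidating an older unused link on a new request are all assumptions of this sketch.

```python
import hashlib
import secrets
import time

LINK_TTL_SECONDS = 24 * 60 * 60  # the post says links are valid for 24 hours


def _digest(token: str) -> str:
    # Store only a hash, so a leaked table does not yield usable links
    # (a choice of this example; the post does not say how ids are stored).
    return hashlib.sha256(token.encode()).hexdigest()


class MagicLinkStore:
    """In-memory stand-in for the accounts table (hypothetical)."""

    def __init__(self):
        self._pending = {}   # token digest -> (email, expiry timestamp)
        self._by_email = {}  # email -> digest of the outstanding link

    def issue(self, email, now=None):
        """Create a random id for this account; the caller emails it as a link."""
        now = time.time() if now is None else now
        # Assumption: a new request invalidates any earlier unused link.
        old = self._by_email.pop(email, None)
        self._pending.pop(old, None)
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = _digest(token)
        self._pending[digest] = (email, now + LINK_TTL_SECONDS)
        self._by_email[email] = digest
        return token

    def redeem(self, token, now=None):
        """Return the account email once, or None if unknown, used or expired."""
        now = time.time() if now is None else now
        digest = _digest(token)
        # pop() destroys the id on first presentation, valid or not.
        entry = self._pending.pop(digest, None)
        if entry is None:
            return None
        email, expires_at = entry
        if self._by_email.get(email) == digest:
            del self._by_email[email]
        return email if now <= expires_at else None
```

On a successful `redeem`, the server would then set the long-lived session cookie the post mentions; that part is outside this sketch.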

Do try this new way of logging in and let us know what you think of it.