Comments (5)
Hi Alex. Thank you for the feedback. We heard the same thing from other people who participated in the beta, and this was the result of that. You are correct that in this release, logging in from other devices works just like any other web app. As long as the user knows the username & password, they can log in from anywhere without having to deal with the key.
And to your questions:
- To what extent do you see this as an adoption blocker? Maybe there are use cases for certain customers where this isn't as much of an issue.
We don't know yet. Many end-to-end encrypted apps have that requirement (one example). If this turns out to be an adoption blocker, we think we have a solution (see below).
- Any ideas for how to securely help end users recover from a lost password?
The password is still technically resettable if the user has access to a previously used device/browser, and as long as the user didn't explicitly log out of the last session. This is because the browser stores the encryption key in local storage, and if the key is available, the password can be reset easily (just like a regular web app). In fact, we have already implemented this feature. We chose to not include it as part of the first release because it's still under independent security review, and we need some time to properly document and define the API.
from userbase.
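A simplified model of the mechanism described in the reply above, as an added example that is not Userbase's own code. It assumes the server holds only a salt and a password-wrapped copy of the data key while the device keeps the raw key (a `Map` stands in for browser local storage); all function names are hypothetical, and the `KeyNotFound` error name is taken from the message quoted later in this thread.

```javascript
// Added illustration: a simplified model, NOT Userbase's actual implementation.
const nodeCrypto = require('node:crypto');

// Password-derived wrapping key (scrypt with Node's default cost parameters).
const kdf = (password, salt) => nodeCrypto.scryptSync(password, salt, 32);

function seal(key, plaintext) {             // AES-256-GCM encrypt
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function open(key, { iv, ct, tag }) {       // throws when the key is wrong
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]);
}

// Sign-up: the server record never contains the raw data key or the password.
function signUp(password, device) {
  const dataKey = nodeCrypto.randomBytes(32);
  const salt = nodeCrypto.randomBytes(16);
  device.set('key', dataKey);               // raw key cached on this device
  return { salt, wrapped: seal(kdf(password, salt), dataKey) };
}

// Sign-in from any device: the password alone unwraps the data key.
function signIn(password, server, device) {
  const dataKey = open(kdf(password, server.salt), server.wrapped);
  device.set('key', dataKey);
  return dataKey;
}

// Explicit sign-out removes the cached key, and with it the recovery path.
const signOut = (device) => device.delete('key');

// Reset: re-wrap the cached key under the new password, if a cached key exists.
function forgotPassword(newPassword, server, device) {
  const dataKey = device.get('key');
  if (!dataKey) {
    const err = new Error('Your key was not found.');
    err.name = 'KeyNotFound';
    throw err;
  }
  server.salt = nodeCrypto.randomBytes(16);
  server.wrapped = seal(kdf(newPassword, server.salt), dataKey);
}
```

In this model a reset from a device that never signed in, or that signed out explicitly, has nothing to re-wrap, so the only remaining option is the "delete all data and create new password" path discussed in the next comment.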
Adding to what Daniel said:
At the very least I could imagine a feature to "Delete all data and create new password"
This is also a good, doable idea. We could email users a link which they can click to kick this process off. Definitely a feature we will strongly consider implementing soon.
Thank you for the well-reasoned feedback and suggestion!
from userbase.
Closing in favor of #118, thank you again for the suggestion @alexcnichols!
Note that a forgot password mechanism was released in #103 :)
from userbase.
My app is set to server-side encryption, and when I test the forgotPassword function (using the ugliest-todo/forgot-password.html example) I am still left with:
KeyNotFound: Your key was not found. Forgot password only works from a device you've signed in from before.
Is it possible to allow the users to recover password from other devices?
from userbase.
cc @j-berman
from userbase.