Password-less login

July 2nd, 2017

In an effort to create a more secure environment and user friendly site we are introducing Password-less login.
At it base, is not a secure site, the information in our site is not personal and the site is not protected by SSL encryption. This does introduce one risk: if user is using his commonly-use email and password pair. If the same pair is used in other personal sites, a ‘listener” can get the pair simply by listening to the user internet communication.

To avoid this risk a password-less login was developed. This is a simple two stage authentication:

  • (1) User will post his Username.
  • Site will response with a login code: 6 digit number.
  • (2) User will enter the number and login.

To avoid repeating the login with the same code or trying multiple codes there are some limitations:

  • Code has time limit of 30 minutes.
  • Only one code per user can exist at one time, if user ask for code twice, only the last is valid.
  • Other limitation that design to prevent unwanted logins.