You may have noticed that we don’t use passwords to log you into your account. Instead we use one time generated links everytime you log into the web application.
Although you don’t need to log into the account unless you logout it is fairly easy to get back into the account. Just to note, once you are logged in, you will remain logged in unless you logout or log into the account on another device or browser.
We generally store your login session in a secure cookie. When you logout this is invalidated.
What happens when you request a login
When you enter you login, the system will generate a new token for you, which is unique to you and no one else has the same token. This in turn triggers an email sent to your verified and registered email address. Clicking the link will open your browser, check if the link is valid and if so, will log you into the web application.
For security reasons, these links are only valid for 15 minutes.
But I want to set a password
We’ll certainly be adding passwords down the line. In fact, the logic is there but will require a bit more work to get right. The plan is to optionally allow you to use a password instead of a magic link. I feel it’s important to give you a few options, so you don’t have to worry which one you want to use.
This all sounds good
It sure does. No password to remember, woohoo!