I just ‘signed up’ (if you could call it that) and was not asked for a password. How is that possible and how will it work to sign in in the future?
Hi, @penguin_cat
You sign up with your email and get a link to confirm your account. Same to log in, when required. But since I keep ItsFOSS always open in my browser, I never have to log in unless I switch browsers or machines. When I do, I have to go click that link in the email.
Sheila Flanagan
I use a password manager - Bitwarden which automatically logs me in. The password was saved from the email link which I saved after the first login.
Seems a weird way to do it, or maybe I am old-fashioned.
Maybe you signed up when it was different as there definitely was no password.
You gave your email, you received an email with a link to here, then you got access. I assume that's how it went? You would need someone else’s email address and access to it to get here, if you would like to “be someone else”, so what would one more password add to security?
If you say you’re a person who you aren’t but you do have that person’s email address+password to that account, it would not change anything if you would have needed to give a new user’s username + password before you need to have access to that email account where you need to confirm your sign up. Email account passwords are very valuable to people who want to gain access to anyone’s account. Use 2FA anytime it’s possible.
I always save my Brave-Browser Settings, so whenever I change Linux Desktop environment I am always logged in.
Have set up panel shortcuts to all my online apps, to open with Brave.
A few of our regular members already know it and answered. I’ll add to that with some additional technical details.
Traditionally, when you have to log in to a website, you create a username/email and a password. That website saves the password in a database. Now, that’s an additional thing to secure, as the website has to make sure that the servers are never breached, because if they are, passwords, hashed or not, can be leaked in the breach and later sold on the dark web. And if the passwords are repeated on multiple systems, there is a chance that someone else could access accounts on a more critical website (email, social accounts etc).
Remember, such breaches were common 10-15 years ago. Sony PlayStation was compromised several times, so was Spotify (I think). This led to websites like Have I Been Pwned that let you search if a given email address was in a certain data breach.
This also led to the inclusion of several additional security measures. Two-factor authentication is common for email services and social accounts. Many websites do not store passwords. They allow people to log in via Google/Facebook/Apple/GitHub accounts (called social sign on).
Another way in this regard is the use of login links. So the website has user accounts with the email address but there is no password system in place. Instead, you get the login link in your email, click on it and you are logged in to your account.
It is more secure as your email service account is secured with 2FA and there is no password to remember for logging into a non-critical website like itsfoss.com. Sadly, it also has an inconvenience, as you will have to receive the login link on any new browser-device you use. Password managers are easier to use in these scenarios.
Why does It’s FOSS use this method? That’s because we use Ghost CMS (the framework the site was built on) for our website. This CMS has membership-newsletter feature in-built. And this membership feature is powered by login-links. And there is little I can do on my end to change that.
Next, I used a special mechanism to link the members' accounts on the website (itsfoss.com) to our community forum (this website). To make this place exclusively for It’s FOSS members and facilitate an ‘ease of use’, I added a single sign-on (SSO) option to this forum’s login mechanism.
So, if you are logged into itsfoss.com in a web browser, you just have to click on the log in button on the forum and since both websites are in the same browser session, you are automatically logged into the forum, too.
It confuses people initially, it did to several of our regular members, but once you get used to it, you’ll appreciate the comfort.
I also used the same Single Sign On in the comment section on the website. So you don’t have to put your username and email address each time you want to leave a comment.
I hope I made things a bit more clear (or maybe not).
TL;DR: There is no password-based login system on It’s FOSS. You receive the login link in email and click to be logged in to itsfoss.com. When you are logged into itsfoss.com, you just have to click the sign in on the community forum in the same browser session for automatic login.