If someone has access to your email, would you ever know if they were logging into your accounts via Byepass?
Report
@timwinfree why would you do this to me. i was on a roll and then Patreon decided to get crazy and this comment makes me wonder if google would allow that. also, what if someone does get into your wordpress and makes a Byepass for it. they could pester you for life.
@timwinfree we send email alerts (to that email) any time someone logs in using it. Obviously if someone has control of your email they could attempt to hide the emails before you notice, but much the same scenario as if they had control now and do forgot password.
@timwinfree yes building extra authentication through byepass after email confirmation through either app verification (Touch ID/Face ID) or SMS authentication
@timwinfree which doesn’t effect the flow or api usage from our webmasters/app owners at all, we do all the heavy lifting.
Report
Great product!
I've implemented a similar solution on one of my project https://whenitsd.one
Which e-mail delivery system are you using and how do you cover the cost? The main concern I would have is to have to share the e-mail of my user with a third party service, however from my experience making sure the sender reputation score is high would be a reason to use a third party service. Signin using e-mail is great but the e-mails needs to arrive and managing properly bounces and spam reporting is really a hassle.
I really like that the e-mail you receive mention the platform and browser. This is a nice useful touch.
Unfortunately I tried to register on the website but couldn't signup. After receiving the e-mail abd click on the "Authorise the request" link I got an error: "Challenge not found"
So this is what Medium does with passwords (there are non, they send you a link per email every time you wanna log in) but you can integrate it in any site, right? I only see the Wordpress integration advertised on your website though, can we use it on others?
@anna_0x absolutely, there is an API for integration with any site/platform. WordPress plugin just uses the API and offers quick code less setup for webmaster hosts.
Report
@domm cool! Hope to check it out soon! Not relevant to what I'm currently doing but perhaps will be in the near future. Love seeing products like these because I hate passwords 😆
But.. to log in to my email I'd.. still need a password? If every other site I visit used Byepass, then if you just had my email password, you'd be able to sign into anything of mine. Just seems like the end case is still putting all your eggs in one basket, no?
Report
tried using this, how come when entering the email on a wordpress site, i get redirected to a different site that i dont own? (bassunit)
Report
When I requested a log in to developer area (which I assume is how any Byepass login would work) on my mobile, I thought it had not worked and having tried it on my desktop I now realize what had happened.
I did not realize that the original screen I had logged into had changed to show the contents because the mobile window/ screen telling me that the challenge had worked was blocking it (even though it was still there).
I presume that your use-case is that a user would request login on a desktop and then authorize the email challenge on their mobile. In this case it would work perfectly as the the original descktop login request would be showing logged in content.
Pros:
very low friction for the user, very intuitive for the developer
Cons:
Its confusing in that the challenge result window/screen is redundent and you have to go back to the original window/screen esp on mobile
Good point, I have actually just reverted back to a previous change so that after authorisation, the new window becomes the lead window (if authorised on the same device as challenge), so that it isn't confusing to the user!
Password Chef
Fast Login on WordPress
Password Chef
Fast Login on WordPress
Fast Login on WordPress
Fast Login on WordPress
Fast Login on WordPress
Fast Login on WordPress
Fast Login on WordPress
Fast Login on WordPress
Timeblocks
Fast Login on WordPress
When I requested a log in to developer area (which I assume is how any Byepass login would work) on my mobile, I thought it had not worked and having tried it on my desktop I now realize what had happened.
I did not realize that the original screen I had logged into had changed to show the contents because the mobile window/ screen telling me that the challenge had worked was blocking it (even though it was still there).
I presume that your use-case is that a user would request login on a desktop and then authorize the email challenge on their mobile. In this case it would work perfectly as the the original descktop login request would be showing logged in content.
Pros:very low friction for the user, very intuitive for the developer
Cons:Its confusing in that the challenge result window/screen is redundent and you have to go back to the original window/screen esp on mobile
Fast Login on WordPress