This repository has been archived by the owner on May 4, 2019. It is now read-only.

Protect password #29

Open
tribela opened this issue Jan 29, 2017 · 3 comments
Comments

@tribela

tribela commented Jan 29, 2017

Currently sh8 uses the username__password format to set a password. But it is not private, because the email address contains the password. It is absolutely dangerous.
To protect the password, make a scrambled version of the email address like Guerrilla does.

@getogrand
Member

Hmm, I can't see the Guerrilla site since it does not respond.

Anyway, I don't think the username__password@sh8.email format is insecure.
We provide the password to the mail sender only, and other people can't see the password.

Moreover, the scrambled email address is very harmful for UX.
Let's imagine the use case.
If I want to receive an email to apply for a lottery event, then I have to...

  • Using scrambled email address
    1. Open a new tab and go to sh8.email service.
    2. Generate scrambled email address on sh8.email and copy it.
    3. Go back to the previous tab (the event page).
    4. Paste to fill the email field.
  • Using username__password@sh8.email email address
    1. Fill the email field.

However, thanks for your opinion!
If you have another method to improve our security, feel free to let us know. ❤️

@tribela
Author

tribela commented Jan 29, 2017

Yes, the email address cannot be revealed in the lottery use case, but how about this:
Someone wants to receive emails anonymously from anyone (like Korean bamboo forests do). The email address should be open to the public, and it contains the password.

How about maintaining the current method (username__password) and making another format to enhance security, like username++scrambledPassword?

However, if the current "username__password" method is maintained, sh8 should warn or block so that username_like__this is not used.
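
The two address formats discussed in this thread, sketched as an added example; this is not sh8's code and not a scheme any participant specified. It assumes the `++` token is an HMAC-SHA256 of the password under a server-side key (the thread does not say how the scrambling would work), and `SERVER_KEY`, `scramble`, `public_address`, `parse_recipient` and `can_open` are hypothetical names.

```python
import hashlib
import hmac

# Hypothetical server-side secret and sample values, constructed for this example.
SERVER_KEY = b"example-server-key-not-a-real-secret"
DOMAIN = "sh8.email"


def scramble(password: str) -> str:
    """Keyed one-way token for the password (assumed scheme: HMAC-SHA256)."""
    mac = hmac.new(SERVER_KEY, password.encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()[:16]


def public_address(username: str, password: str) -> str:
    """Address that can be published: carries the token, not the password."""
    return f"{username}++{scramble(password)}@{DOMAIN}"


def parse_recipient(address: str) -> dict:
    """Resolve a recipient address to (username, inbox token) plus warnings."""
    local, _, domain = address.partition("@")
    if domain.lower() != DOMAIN:
        raise ValueError("not an sh8.email address")
    warnings = []
    if "++" in local:
        username, _, token = local.partition("++")
        exposed = False
    elif "__" in local:  # "username_like__this" also lands here, password "this"
        username, _, password = local.partition("__")
        token = scramble(password)
        exposed = True
        warnings.append("password is readable in the address")
        if "__" in password:
            warnings.append("ambiguous: more than one '__' in local part")
    else:
        username, token, exposed = local, None, False
    return {"username": username, "token": token,
            "password_exposed": exposed, "warnings": warnings}


def can_open(username: str, password: str, inbox: dict) -> bool:
    """Viewing still needs the password; the token alone is not accepted."""
    expected = scramble(password).encode("utf-8")
    return (username == inbox["username"] and inbox["token"] is not None
            and hmac.compare_digest(expected, inbox["token"].encode("utf-8")))
```

Both formats resolve to the same inbox token, so mail sent to the published `++` address and mail sent to the `__` address reach one inbox, while only someone who knows the password can open it.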

@kyunooh
Member

kyunooh commented Jan 29, 2017

@getogrand, I talked with @Kjwon15 in another place.
We didn't consider that feature,
because we are following a simple way now.
But I think we could solve this issue by UX.

I can't develop this feature right now (we have some issues with human resources... T.T).
And thanks again, Kjwon15, for leaving the issue :D
