Following issue: I‘m a member of multiple Discourse communities and like to enable push notifications on iOS. The only way is to be logged in within the official Discourse app. Unfortunately, I‘m using pretty complex passwords and can’t remember them and don’t use 1password or other 3rd party PW manager (I didn’t trust).
I need a workaround to login inside the app. The OTP login link is always forwarding me to my default browser (Mobile Safari).
Isn’t that possible to add a second link, that adresses the app and is logging me inside that?
(Universal Links - Apple Developer) ?!
I have more trust in OTP links and transport encryption than a database of my passwords in other hands. Especially on mobile devices and sand boxed closed source environments
You’re asking for a technical solution because by your own admission you don’t manage your own passwords properly. A solution already exists - why would you ask discourse to do further development over using a password manager? You’re not making a compelling case!
Then take another proper look at how some of these tools work. Products such as 1password can’t access your data. If you lose your recovery key and master password your credentials are lost forever.
It’s about trust and not „how they work in theory“. 1password isn’t a proper, it’s a proprietary solution. Especially, because I know there are apps that are captureing screenshots and syncing more than crash analytics, I didn’t trust closed source software my most sensitive data. Some of them are sniffing all the way and we have no real security in terms of „integrity“. They are telling me something about encryption but can’t proof me and others a „proper“ implementation of their mathematics.
In addition, I was „Apple software“/ AppStore develooper some time ago. Have a closer look at their developer program contract at the section about software im/export. There was an interesting and scarry rule to only use „governmental approved“ encryption technologies. Developers are not allowed to use their own implementation without permission. Why do you think is that so?
Last but not least, mobile phone users usually don’t have a deeper software understanding and no traffic analysis tools like Little Snitch to block outgoing connections. In this case, this would a real security & trust benefit
But I,ll see, you guys have other priorities. I‘ll just say, there is a usability issue between the official app and the mail login procedure. As far as I know, the universal link solution I‘ll recommend to you is very simple and could adress this gap. If you don’t have time for that, it’s okay for me.
But please don’t say to me, I should trust 3rd parties my most sensitive data. I won’t.
I like the OTP link solution. This is great idea of 2FA made easy. If someone gets unauthorized access to my mails, I would notice and prevent this that for sure.
But if someone finds a way to jailbreak / root my mobile device remotely and there might be spying options ans key loggers implemted, I‘ll never notice that, until it’s too late.
We are aware of this issue and have some plans to fix this by doing all auth in safari and delegating back to app, but it may take us a bit to get to it
This is a valid argument BUT this requires additional trust into another security layer and certifcate authorities. In my opinion “a nice to have” security through obscurity instance. It’s not about “real” transparency
At the end of the day, ownership plays an important role in time of SaaS providers and comlex system security. Give me the CA master key to the TPM and I’ll agree to you.
I’d like to have full control over my IT, don’t you?
Sure, “some kind of”. But not the master key. Have a closer look at Apple’s new T2 TPM chip for example and who is deciding about legitimate operating system software. I can disable this only on Macs but can’t provision the chip with a new CA on my own way to (dis-)allow full-system access.