Koukobin edited this page Nov 11, 2024 · 3 revisions

How the Sign-up and Sign-in Process Works

When creating an account, you are required to provide a display name, email and password.

The display name is self-explanatory: it's the name by which other users will recognize you.

Additionally, while the term "password" might be self-evident, there are certain aspects of passwords that must be addressed. All passwords are hashed and salted before being stored in the database, so that in the event of a database breach the passwords themselves remain concealed. Password strength is evaluated by calculating its entropy (in physics, entropy refers to the disorder or randomness in a system). For obvious reasons, I figured this was a much more effective approach than traditional password requirements, such as requiring a capital letter or a number. By calculating entropy, passwords are evaluated objectively, in a mathematical way. For most applications, "Password123" would meet the standard criteria. Under this system, however, "Password123" receives a password quality of "poor", the lowest possible rating, and more precisely an entropy of approximately five bits.
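The two points above, salted hashing and an entropy-based strength rating, can be illustrated together. The following is an added example written for this page; it is not the project's own code and does not reproduce the project's exact entropy calculation. It uses PBKDF2-HMAC-SHA256 with a random 16-byte salt for storage, and contrasts a naive character-pool entropy (which rates "Password123" highly) with a pattern-aware guess-count estimate that recognises a common dictionary word plus a digit sequence. The wordlist `COMMON_WORDS`, the per-token guess model, and the rating thresholds are assumptions made for the example.

```python
import hashlib
import hmac
import math
import os
import re
from typing import Optional, Tuple

# Constructed, illustrative list of common passwords, most common first.
# A real deployment would load a large breach-derived wordlist instead.
COMMON_WORDS = ["password", "123456", "qwerty", "letmein", "welcome", "dragon"]

PBKDF2_ITERATIONS = 600_000   # assumed work factor; tune to your hardware


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt per password means two users
    with the same password get different digests, defeating precomputed tables."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def naive_entropy(password: str) -> float:
    """Character-pool estimate: length * log2(pool size). It rewards
    'Password123' generously because it ignores that 'Password' is a word."""
    pool = 0
    if re.search(r"[a-z]", password):
        pool += 26
    if re.search(r"[A-Z]", password):
        pool += 26
    if re.search(r"[0-9]", password):
        pool += 10
    if re.search(r"[^a-zA-Z0-9]", password):
        pool += 33
    return len(password) * math.log2(pool) if pool else 0.0


def _case_variants(token: str) -> int:
    """How many capitalisation variants an attacker must try for this token."""
    if token.islower():
        return 1
    if token.isupper() or (token[0].isupper() and token[1:].islower()):
        return 2            # ALLCAPS or Capitalized: one extra guess each
    return 2 ** len(token)  # arbitrary mixed case: every letter is a coin flip


def _is_sequence(digits: str) -> bool:
    steps = {ord(b) - ord(a) for a, b in zip(digits, digits[1:])}
    return len(digits) >= 3 and steps in ({1}, {-1})


def pattern_entropy(password: str) -> float:
    """Guess-count estimate (assumed model): tokenise into letter runs, digit
    runs and symbol runs, estimate guesses per token, multiply, take log2."""
    guesses = 1.0
    for token in re.findall(r"[A-Za-z]+|[0-9]+|[^A-Za-z0-9]+", password):
        if token.isalpha():
            if token.lower() in COMMON_WORDS:
                base = COMMON_WORDS.index(token.lower()) + 1   # rank in the list
            else:
                base = 26 ** len(token)
            guesses *= base * _case_variants(token)
        elif token.isdigit():
            if _is_sequence(token):
                guesses *= 10 * 2           # start digit x direction
            elif len(token) >= 2 and len(set(token)) == 1:
                guesses *= 10               # repeated digit, e.g. "1111"
            else:
                guesses *= 10 ** len(token)
        else:
            guesses *= 33 ** len(token)     # printable ASCII symbols
    return math.log2(guesses)


def rate(bits: float) -> str:
    """Map entropy to a quality label; thresholds are assumptions for the example."""
    for limit, label in ((28, "poor"), (36, "weak"), (60, "reasonable")):
        if bits < limit:
            return label
    return "strong"


if __name__ == "__main__":
    for pw in ("Password123", "xK9#vT2$qL"):
        print(pw, round(naive_entropy(pw), 1), round(pattern_entropy(pw), 1), rate(pattern_entropy(pw)))
    salt, digest = hash_password("Password123")
    print(verify_password("Password123", salt, digest), verify_password("password123", salt, digest))
```

Under the pattern model "Password123" collapses to two guesses for the capitalised dictionary word times twenty for the "123" sequence, a handful of bits, while the naive pool estimate credits it with over sixty. Only the stored salt and digest ever reach the database; the plaintext is discarded after hashing.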

Lastly, an email address is required for two-step verification. When you attempt to log in, a randomly generated verification code is sent to your email, which you must provide to the server in order to complete the registration process. Even if your password is correct, you won't be granted access to your account without the verification code. The only way to bypass this step is with the backup verification codes received when registering for the first time. These backup codes can be regenerated at any time within the application.
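The server side of that flow, as an added example that is not the project's own code: after the password check succeeds, a random six-digit code is issued with a lifetime and an attempt limit, and only a salted hash of it is kept; a login completes with either that code or one of the single-use backup codes, which are likewise stored hashed and are all invalidated when regenerated. The lifetime `CODE_TTL_SECONDS`, the limit `MAX_ATTEMPTS`, the code formats and the `send_email` callback are assumptions for the example; email transport is outside its scope.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Set

CODE_TTL_SECONDS = 300   # assumed lifetime of an emailed code
MAX_ATTEMPTS = 5         # assumed number of wrong guesses allowed per issued code


def _hash(value: str, salt: bytes) -> bytes:
    # Codes are short-lived and high-entropy, so a salted SHA-256 is enough here;
    # passwords would still need a slow KDF.
    return hashlib.sha256(salt + value.encode()).digest()


@dataclass
class PendingLogin:
    code_hash: bytes
    salt: bytes
    expires_at: float
    attempts: int = 0


@dataclass
class Account:
    salt: bytes = field(default_factory=lambda: secrets.token_bytes(16))
    backup_hashes: Set[bytes] = field(default_factory=set)   # unused backup codes, hashed
    pending: Optional[PendingLogin] = None


def issue_backup_codes(account: Account, count: int = 8) -> List[str]:
    """(Re)generate backup codes. Previous codes stop working; the plaintext is
    returned exactly once so the user can store it."""
    codes = [secrets.token_hex(5) for _ in range(count)]   # 40-bit codes
    account.backup_hashes = {_hash(c, account.salt) for c in codes}
    return codes


def start_login(account: Account, send_email: Callable[[str], None],
                now: Callable[[], float] = time.time) -> None:
    """Called after the password check succeeded: email a fresh six-digit code
    and remember only its salted hash and expiry."""
    code = f"{secrets.randbelow(10 ** 6):06d}"
    salt = secrets.token_bytes(16)
    account.pending = PendingLogin(_hash(code, salt), salt, now() + CODE_TTL_SECONDS)
    send_email(code)


def finish_login(account: Account, submitted: str,
                 now: Callable[[], float] = time.time) -> bool:
    """Accept the emailed code (within its lifetime, limited attempts, once)
    or a single backup code. Returns True when access may be granted."""
    p = account.pending
    if p is not None and now() <= p.expires_at and p.attempts < MAX_ATTEMPTS:
        p.attempts += 1
        if hmac.compare_digest(_hash(submitted, p.salt), p.code_hash):
            account.pending = None          # a code can only be used once
            return True
    # Backup path: each code is consumed on first successful use.
    h = _hash(submitted, account.salt)
    for stored in account.backup_hashes:
        if hmac.compare_digest(stored, h):
            account.backup_hashes.remove(stored)
            account.pending = None
            return True
    return False


if __name__ == "__main__":
    acc = Account()
    backups = issue_backup_codes(acc)
    outbox: List[str] = []
    start_login(acc, outbox.append)
    print("emailed code accepted:", finish_login(acc, outbox[0]))
    print("backup code accepted:", finish_login(acc, backups[0]))
    print("reuse rejected:", finish_login(acc, backups[0]))
```

Two details matter for a defender: the server never stores a code in the clear, so a database read does not yield usable second factors, and both the attempt counter and the expiry bound how long an attacker who already has the password can keep guessing.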

Note: All settings related to the aforementioned features can be adjusted to your liking in the configuration folder.
