Ever struggled to explain all the hoops (keys, password, login methods, etc.) to new comers when they signup? This new improvement will change everything...
Ecency utilizes Hivesigner as one of the Login methods on both Website and Mobile app. In this slightly technical post, we would like to explain new additions.
Hivesigner OAuth2 is very powerful, it is not only allowing us to secure all our internal APIs with security it needs from brute force and other attacks, but also making sure your keys are secure and doesn't fall into hands of hackers and abusers. Only you have access to your keys.
OAuth2 flow
OAuth2 login flow works quite simple, user clicks on Hivesigner button, goes to Hivesigner.com, logins and redirected back to application with access_token. So applications integrating Hivesigner have to be able to understand redirects coming from Hivesigner.com with access token. And extract access token to verify and log user in. All applications which has Hivesigner.com, already have this path and logic. None of the apps will have your private keys/password, only access token. Access token is basically a message signed with your private key that verifies who you are.
API security
User obtaining/generating access token from Hivesigner to use Ecency and we verify those access tokens before allowing access our sensitive data through our API. This is super, right? Hive itself is securing 3rd party APIs such as ours. Also with that access token you are able to do all social activities on Hive apps.
1-Click login
Now, how our onboaring system works? Our onboarding generates random keys and destroys them right away and send details out via email.
Since we are utilizing access token already in our applications and we are also onboarding people, we came up with idea of getting access token from Hivesigner and include that into email as well. Destroy all details before email is sent out. This allowed us to include access token into email and use OAuth2 redirect path which our applications already understand.
In result, we got literally 1-Click login system.
In picture above you can see how our new onboarding emails look like after this change. No more copying password and username into clipboard, enter details manually on website or mobile app. You got email from signup, click on Try 1-Click login, you are already inside Ecency.com or Ecency mobile application. Security note, 1-Click login link works only first 7 days, after that it won't work. You will have to use your credentials, at that point new access token will be generated by website/app usual way.
Other changes
We have made few other changes into onboarding flow. In most recent website and mobile app releases, we have simplified and unified Signup pages, so your experience in both platforms will be same. Improved username checks as well as lowered IP quality checks on backend.
We continue to serve our web3 community by providing one of the best onboarding experience.
Now I understand why my friend who just created her account yesterday make it easier to sign up unlike those other referrals that Ai have before who experienced alot of errors and I guess until now they didn't got the chance to successfully sign up.. Might pm them about the update
I needed to create a new community account for DreemPort... I'll give you one guess how I'm going to be doing that today!!! hahaha
Awesome job @ecency!!!
Onboarding is one of the biggest challenges for Hive! Glad someone still has some focus on making this easier!
Thank you for continually working to make it easier for new members to join the community.
!Gif Good Job!
Stay !ALIVE
!LUV
ecency, pedrobrito2004 sent you LUV. 🙂 (1/3) tools | trade | connect | daily
Made with LUV by crrdlx.
@ecency! You Are Alive so I just staked 0.1 $ALIVE to your account on behalf of @ pedrobrito2004. (2/10)
The tip has been paid for by the We Are Alive Tribe through the earnings on @alive.chat, feel free to swing by our daily chat any time you want, plus you can win Hive Power (2x 50 HP) and Alive Power (2x 500 AP) delegations (4 weeks), and Ecency Points (4x 50 EP), in our chat every day.
That's a fantastic development. Security is the most important aspect here. No compromise with that.
Easy onboarding is also the same.
#aliveandthriving
Exactly, security and self-custody while ease the usage.
Congratulations. This is indeed a step forward, in terms of safety and simplicity.
Brilliant! ♥️
literally needed to create an account today - hehehe i'll let you know how it goes with this new system! woo hoooo!
Thanks for sharing such an informative post.
Excellent work
This is amazing post. Thanks for the update
https://inleo.io/threads/hafiz34/re-leothreads-bqddnteb
The rewards earned on this comment will go directly to the people ( hafiz34 ) sharing the post on LeoThreads,LikeTu,dBuzz.
Thanks for sharing ☝🏼
Nice! Thanks! 👍
!LUV
ecency, acgalarza sent you LUV. 🙂 (1/1) tools | trade | connect | daily
Made with LUV by crrdlx.
Awesome, you did a good job!
!COFFEE
I have also seen for a long time that the team is working very hard and making things easier for people.
Is there a way to recover your passwords if the account is created through ecency?
Fantastic work!! So many great new features in Ecency!
Oh my god this is a game changer for onboardings! Thank you for the great work :)
edit: I just tried the free signup and you need to work on the IP quality check in my opinion. How come a German IP quality score is too low to get a free account? If I check on a 3rd party website it says that I have a "low risk for fraud". If this happens on 50% of the onboardings I think that any improvement on the onboarding process (for example as you described here) is almost useless (sorry for the wording but it is what it is)
I will sent this to my friend.
Great work.
Question, do you actually send the plain text private keys via email?
We send password and ask user to change it. It is not super secure if person doesn’t change or user email is compromised but alternative is much worse people tend to loose or don’t backup keys properly.
Employees from the email provider and employees of any third-party tools that have access to the emails would also be able to access the private keys then. It is known that they collect data using AI to make personalized profiles of who buys what, etc. And that they've given access to third-party tools. Unfortunately.
How about adding a step that verifies the person has made a copy of their credentials? Register and show private keys, then hide private keys and ask the user to input them - only then is the registration finalized.
Onboard a friend signup option works similar way, in that signup option person has to download their keys before generate link for account creation process. So word of mouth and friend onboarding is more secure and trustless with moderately complex flow. So there is easy, moderate and hard account creation flows on Ecency.
Oh, great to hear that you have that process as well.
For the easier process where the plain text private keys are sent via email, would it make sense to somehow make it clear to the person via email reminders and reminders on the app that they haven't changed their private keys so the email provider and any third parties they work with has access to their account and all funds on it?
That’s good point that’s why users are recommended to change their password/keys right away. But for those who are new and don’t know anything about multiple keys and complications Hive brings, why make things too hard from the start. We tried to find a balance, as people get more familiar with our values and importance of keys, personal responsibilities they will be more likely take actions to protect themselves and their wealth.
This is so amazing. We new things every day that helps us use ecency happily.
Thanks alot
Great news! The learning curve sometimes slows down new users. Easier entry was necessary. And doing so by providing security is the key! thank you!
I love how easy it is to navigate the Ecency app, made my newbie journey smooth and worthwhile.
Well done for the constant upgrade @ecency, the team is really doing a nice job.
Keep up the great work guys 👍 !PGM
BUY AND STAKE THE PGM TO SEND A LOT OF TOKENS!
The tokens that the command sends are: 0.1 PGM-0.1 LVL-0.1 THGAMING-0.05 DEC-15 SBT-1 STARBITS-[0.00000001 BTC (SWAP.BTC) only if you have 2500 PGM in stake or more ]
5000 PGM IN STAKE = 2x rewards!
Discord
Support the curation account @ pgm-curator with a delegation 10 HP - 50 HP - 100 HP - 500 HP - 1000 HP
Get potential votes from @ pgm-curator by paying in PGM, here is a guide
I'm a bot, if you want a hand ask @ zottone444
I think this is such a great improvement, onboarding new members on hive has always been a sore, but I am happy with the new improvements, onboarding using decency is the best I have ever seen on hive. This is very commendable and I appreciate the effort of the community team.
I also wish to use this opportunity to inform you that if you are looking for a frontendDev, I am available and ready to work and expand my experience. I am proficient with HTML, CSS, tailwind CSS, Typescript, and javascript.
Good to see this kind of change, it might be easy for all new comers even for me now haha
!WEED
This was really helpful
I am just into this.It is so easy for me to log in as a new comer.Glad tp be here.
This is more easier for new members in the community at least the stress of copy keys is going to be the thing of the past. I like this innovation.