

Ask HN: What type of login system should I implement for my site? - Immortalin

Hi, I am creating a indie appstore. I am wondering what is the best type of login system should I use in order to create a good UX. I am thinking of using a passwordless system where a temporary link is sent to your email instead of having a fixed password. Any advice on a good login system?
======
creyes123
I am planning on doing the same. Development of Mozilla Persona
([http://www.mozilla.org/en-US/persona/](http://www.mozilla.org/en-
US/persona/)) has continued, despite Mozilla's lack of funded developers. I
looked at it a year ago and the list of open bugs was a bit scary. But it
looks much better now.

OAuth 2 is a mess. I would not try to use it without a good library.
Thankfully, major websites are moving away from it and onto proprietary APIs
that are much cleaner. But nowadays all Facebook really wants to give you is
an id that is specific to your app. To get an email address, you have to get
permission from Facebook first. Even then, it is not guaranteed that the end
user will give it to you. They could have registered using their phone, for
example. Having an email address is obviously very valuable.

Stripe payments require an email address. I'm sure other billing systems do,
too. So an option is to just grab it when they pay for it. But you still need
an email authentication system like Persona on top.

If there are other easy to use systems (for end users and developers) out
there like Persona, I would love to hear about them, too.

------
foxpc
I'd probably just stick to having the authentication via main social sites -
Facebook, Twitter, Google. And most likely include GitHub for the hackers.

------
AndrewDucker
I went with Persona, which was very easy to implement, and didn't require me
to store passwords for users.

------
AndrewDucker
Creyes123 - your comments are all dead. Can't see an obvious reason why...

~~~
percept
Agreed, his comments seem thoughtful and balanced.

~~~
creyes123
For the curious, I just got this reply from HN staff:

"That account triggered a spam filter when it posted from a banned site. I've
unbanned that site, unbanned your account, and restored all your comments, so
the problem is fixed now.

The site was banned because the first few submissions from it looked a lot
like spam. Later submissions were legit, though, so this was a mistake at our
end. I'm sorry about that.

Thanks for letting us know about the problem, and please write if there's
anything else we can help with."

