PSA - you should add backup authentication to Stacker News TODAY \ stacker news ~meta

PSA - you should add backup authentication to Stacker News TODAY

2067 sats \ 35 comments \ @Signal312 22 Jul meta

Especially for those of us who have been on stacker.news a little longer, this is really important. I was lucky enough to to re-gain access with some help from @k00b and @alby support, but based on what I'm hearing, I gather there's some people who have lost access for good.

Here's a quote from Alby:

Lightning Login was implemented in different ways by different wallets. This also adds some problems when attempting to make it a standard. The way Alby implemented it with the custodial accounts was indeed related to the lndhub credentials. This brings two problems: you depend on Alby's for your account since the login is linked to a custodial account. And with newer lndhub credentials, when those are renewed, you will lose the login. only legacy lndhub lightning login accounts could be recovered. But legacy lndhub credentials are somehow a security risk because they do not expire. All of these complications are simply to strongly recommend you to link your stacker news account to additional auth options as stated in the first part of the email.

Here's how to do it:

Click on your profile name, top right, to drop down the menu.
Choose Settings in the menu
At the very bottom of the Settings screen is the Auth Methods section. You can add additional authentication methods such as Nostr, Github, Email, etc.

view all related items

55 sats \ 0 replies \ @Alby 23 Jul

"Login with Lightning" with custodial solutions is effectively signing in with the node that wallet uses - user doesn't really own the credentials.

When using Alby Extension, it is recommended to use Master Key (or Nostr keys) to authenticate to Stacker, Geyser, LNMarkets... These keys are yours and we, Alby, (nor Stacker, Geyser, LNMarkets...) do not see them

55 sats \ 0 replies \ @Taft 22 Jul

That’s a good advice! I have already added an additional authentication.

100 sats \ 7 replies \ @BallLightning 23 Jul

By linking authentication methods aren't you compromising your anonymity somewhat?

2 sats \ 6 replies \ @WeAreAllSatoshi 23 Jul

You are creating a correlation between what may otherwise appear to be independent online identities, yep.

FWIW, if you authenticate to SN via email, your email address isn’t saved

10 sats \ 1 reply \ @Fritz 24 Jul

Good to know, thanks

0 sats \ 0 replies \ @WeAreAllSatoshi 24 Jul

You’re welcome!

0 sats \ 3 replies \ @BallLightning 23 Jul

I don't really believe it's not saved...

0 sats \ 2 replies \ @WeAreAllSatoshi 23 Jul

I made the changes myself :) you can review the source code, too!

30 sats \ 1 reply \ @0xIlmari 23 Jul

It is not provable that the software actually running the SN website is the one in the repository. It is not provable that they don't do any hidden data logging.

Do not trust, do not input email address, use Tor.

0 sats \ 0 replies \ @WeAreAllSatoshi 23 Jul

I agree it’s not provable that what’s running matches what’s in the repo. It’s pretty hard to prove that something isn’t happening, you’re right. You can always use a burner email, or a dedicated email for SN. Good call being skeptical. Practice good opsec everyone

21 sats \ 0 replies \ @Rsync25 22 Jul

Good reminder.

21 sats \ 0 replies \ @NRS 22 Jul

Like it

0 sats \ 0 replies \ @Signal312 OP 25 Jul

FYI - I just tested out my secondary authentication on another browser, and wanted to report that it works great, zaps and all.

0 sats \ 1 reply \ @trieska 23 Jul

just thinking

this is problematic only if you login with lighting.

I am using nostr login (well, over @Alby extension) and if I am correct it is using nostr keys which I have under control so I should be OK, right?

100 sats \ 0 replies \ @WeAreAllSatoshi 23 Jul

Sounds correct to me

0 sats \ 0 replies \ @Satoshi__Nakamoto 23 Jul

https://m.stacker.news/41190

0 sats \ 1 reply \ @hasherstacker 23 Jul

Thank you for your advice. I've migrated mine from one device to another, just by the same 12 words.

0 sats \ 0 replies \ @Signal312 OP 23 Jul

Could you explain more about the 12 words thing?

0 sats \ 1 reply \ @IamSINGLE 23 Jul

Good advice! I've logged in with lightning wallet. Is this sufficient?

0 sats \ 0 replies \ @Signal312 OP 23 Jul

No, you don't want to be logged in just with lighting, add a backup authorization like email, Nostr, etc.

0 sats \ 0 replies \ @BitcoinAbhi 23 Jul

Thank you so much!

I feel like lightning should be the most secured way of login and we should use it not to lose access to our SN account!

0 sats \ 2 replies \ @Coinsreporter 23 Jul

Thanks for the reminder!

Does all backup login methods work in the same way or are there differences?

cc: @k00b @ek

32 sats \ 1 reply \ @k00b 23 Jul

Yes

0 sats \ 0 replies \ @Coinsreporter 23 Jul

Thanks!!

0 sats \ 0 replies \ @WeAreAllSatoshi 23 Jul

MFA might also be nice… hadn’t thought of that til now

0 sats \ 3 replies \ @Satosora 22 Jul

I should really consider this. I am thinking of changing emails, is that possible? @koob and @Alby, Is this possible to do? Move an account and change the main email it uses?

10 sats \ 1 reply \ @WeAreAllSatoshi 23 Jul

I can’t speak for Alby, but I believe for SN, you’d have to:

setup a second auth method on SN
remove the current email from the SN account, then
add the new email to the SN account

0 sats \ 0 replies \ @Satosora 23 Jul

Okay, I will have to try this.

21 sats \ 0 replies \ @Alby 23 Jul

Yes sir, you can change e-mail of your Alby Account, and the extension doesn't require any!

0 sats \ 1 reply \ @Bell_curve 22 Jul

most people only have 1 login method?

21 sats \ 0 replies \ @Signal312 OP 22 Jul

That was me, up until recently!

10 sats \ 1 reply \ @Octopus 23 Jul outlawed

stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.

0 sats \ 0 replies \ @5d586573ac 23 Jul outlawed

stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.

0 sats \ 0 replies \ @versieboer 23 Jul

deleted by author