Since we first launched Deckee, our team has been thinking a lot about security and how we can ensure our community’s personal information is kept safe now and in the future.
We wanted to make signing in to Deckee as simple and secure as possible. So when you need to sign in, we’ll send you an email that contains a magic verification link. Clicking on that link will sign you in. That’s all there is to it.
Why Deckee has no passwords
Surveys have shown that 88% of people have forgotten at least one password recently, and have been forced to reset it.
Here’s what happens when you forget a password:
You go to a website, click the “forgot password” link, and type in your email address.
You open an email from their website and click a special link they sent you.
This special link takes you back to their website and logs you in, then forces you to come up with a new password.
If you think about this for a moment, you’ll realise that your password does not actually matter. The only thing that matters is that you have access to the email address that’s associated with your account.
Thanks to the ‘forgot password’ feature that every website uses, every website already has passwordless login — they just don’t call it that.
So why do websites even use passwords?
Ask any cybersecurity person – passwords are throwback to when we didn’t have anything better. Even now, many websites have tried to fix it through adding things like Two Factor Authentication, additional passwords and other complex ideas. For websites where you store really sensitive information, like your bank, it’s a great way to protect your data. For Deckee, we want to make it super easy for you to be part of our community (and we’re not your bank). We think a lot more websites will do what we have done. It makes it easy for you, and stops hackers attacking websites to get passwords they can use on other websites.
But isn’t using a password faster than clicking a ‘special link’ in my email inbox?
Try it – there's not much difference really. In the time it takes you to reset a password, you will already be using Deckee. Plus, we also keep you logged in (whenever we can).
What if someone gets access to my email inbox?
If someone has access to your email, they will likely be able to gain access to all of your online accounts, not just Deckee!
Even if Deckee required passwords, we’d need a ‘forgot password’ system, and someone could use that to gain access by sending a password reset to your email address.
What happens if I forward a sign-in link to someone else?
Don’t do that. Anyone who has the email will be able to sign in to your Deckee account.
Is this system really that secure?
We are fortunate to have worked with cybersecurity experts who have tested our system and support this move (and also use it to sign in to Deckee).