Monorepo for Tangled — https://tangled.org

Actor Typeahead for login page #314

closed
opened by tynanpurdy.com

we already use this library in several handle inputs, just not the login. this was a conscious decision.

Awesome! Why not use it on login?

https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/04-Testing_for_Account_Enumeration_and_Guessable_User_Account

it's typically bad practice to have enumerable usernames (not so much of an issue in atproto however). secondly, when new accounts are created, it takes a while for DNS to propagate and typeahead could potentially be incomplete for a short while. this could confuse new users when they create an account and continue to log in.

AT URI
at://did:plc:6ayddqghxhciedbaofoxkcbs/sh.tangled.repo.issue/3m6s4qy5xpj22