New authentication system

By Edouard on December 14, 2022

We’ve replaced our authentication system with a different one which lays the groundwork for further authentication features and improvements.

The authentication system we have used since day one was Clearance. It is a very simple authentication system and it has served us well, but customers requested additional features, such as authenticating using OAuth or 2-factor authentication. Implementing these features with Clearance isn’t easy, so we looked at other options.

We found that the easiest way to add these features was to migrate our authentication system to Devise, which is more flexible and allows adding these features using extensions.

Here are the changes you will notice on the authentication system as of today.

E-mail Address Verification

We’ve changed how new user accounts are created: a new user account now needs to be confirmed before it can be used on WebTranslateIt. An e-mail containing a verification link will be sent to the e-mail address provided, and the user account will only be usable once the e-mail address is verified.

The same goes when you update your e-mail address: an e-mail containing a confirmation link will be sent, and the link must be followed in order to change your e-mail address.

We have also flagged all the current user accounts as verified.
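The flow in this section, modelled as an added Ruby example (not WebTranslateIt's or Devise's code): an account stays unusable until its link is followed, an address change only takes effect on confirmation, and existing accounts are created already verified. The `Account` class, its method names and the 3-day `TOKEN_TTL` are assumptions made for the illustration.

```ruby
require "securerandom"
require "digest"

# Hypothetical in-memory account model; names and TOKEN_TTL are assumptions.
class Account
  TOKEN_TTL = 3 * 24 * 3600 # assumed link lifetime in seconds
  attr_reader :email, :pending_email

  def initialize(email, confirmed: false) # confirmed: true models the backfill of existing accounts
    @email, @pending_email, @confirmed = email, nil, confirmed
    @token_digest = @token_sent_at = nil
  end

  def confirmed?
    @confirmed
  end

  # Returns the raw token for the e-mailed link; only its SHA-256 digest is stored.
  def issue_token(now = Time.now)
    raw = SecureRandom.urlsafe_base64(32)
    @token_digest = Digest::SHA256.hexdigest(raw)
    @token_sent_at = now
    raw
  end

  # The current address stays in effect until the new one is verified.
  def request_email_change(new_email, now = Time.now)
    @pending_email = new_email
    issue_token(now)
  end

  def confirm(raw, now = Time.now)
    return false if @token_digest.nil? || now - @token_sent_at > TOKEN_TTL
    return false unless secure_eq(Digest::SHA256.hexdigest(raw.to_s), @token_digest)
    @email, @pending_email = @pending_email, nil if @pending_email
    @confirmed = true
    @token_digest = nil # single use: a replayed link is rejected
    true
  end

  private

  # Constant-time comparison of two equal-length hex digests.
  def secure_eq(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

Storing only the digest means a leaked database row cannot be turned back into a working verification link.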

Password Strength Meter

We’ve also replaced the password strength validation with zxcvbn, a password strength estimator developed by Dropbox and inspired by password crackers.

When creating a user account or when updating your password, a new password strength meter will show you how strong your password is.

Follow the advice given by zxcvbn and the password strength meter will let you know when the password you choose is strong enough.

Updated Settings Page

We’ve also updated the settings page. If you want to update your e-mail address, you can now do it under the “Password and E-mail” tab of the settings. Note that changing your e-mail address will require you to enter your current password, and you will have to verify the new e-mail address by clicking on the link in the verification e-mail.

Cookie Migration

The new authentication system uses a different cookie, but that change should be transparent to you, as we’ve added a system to migrate the previous cookie to a new one as you visit WebTranslateIt.

What’s Coming Up Next

In January 2023 we will work on adding authentication via OAuth. We plan to progressively add support for the following OAuth providers:

  • Google
  • GitHub
  • Okta

If you have any request or feedback, don’t hesitate to let us know at