Why just passwords?

Why does Kinopio have only password based login?

Because all the other options are worse

Let's go through them:

Password-less auth with an emailed token

(like notion and slack) is much easier to implement but the sign in process can be very annoying for users.

E.g. you go to sign in, but now you've got to open up your email app get emailed a link to sign in but your email client opens a different or embedded browser so now you have to copy and paste a thing into another thing.

Sign In with google/facebook/github/hell

Signing in with third party oauth providers is the easiest thing to implement, and gives you 2FA for free.

But in exchange for that convenience, you're giving over user data to big tech corps and the advertising-industrial complex that's ruining the web, and damaging democracy.

Also you can't just do one of them because someone will inevitably tell you that they don't have a [facebook] account. So you're sign in screen ends up looking like a rainbow colored mess of corporate logos, and the user has to remember which of these services they used with your particular service.

And lord help you if they sign in with a different one later and think that their data has disappeared.

Because browser password managers

A lot of old advice about avoiding requiring passwords because users will make their own (bad) ones is still true, but mitigated a lot by password managers - especially the ones built into browsers that autosuggest passwords.

Password managers also make signing back onto your service effortless.

Yes, storing passwords sucks

Ideally it's a liability I wouldn't need to have. But off the shelf encryption packages and best practices like rate-limiting are widespread and documented well-enough that I can provide a high degree of safety around them.

I also prevent users from making passwords less than 4 characters long, and disallow passwords that match a part or whole of the email address. (which I'm told is very common user behaiviour sadly)

The Last Two Months of Silent Building

Usually people who talk about success or how to make it are already successful. Their worries are far away. I'm not successful and boy do I have worries.

I've been working on an offline-first data-syncing system that'll allow people to create accounts, and pave the way for more ambitious collaboration features for about two months now. It's almost done, but it's taken so much longer than I wanted.

On one hand, two months to do all this is something most entire companies can't do. But on the other hand, I can only do one thing at a time. So while I've been working on this, I have nothing cool and new to share and user numbers are steadily declining.

The marketing lesson is that if you're not rising, you're falling.

I use kinopio a lot to get stuff like this out of my head and figure out actionable next steps.

I'll give myself another week of working on this. No matter what something will ship at the end of it (maybe the new UI will need to be temporarily hidden). Then I'll prioritize fun user-facing features for a little while, and get back to grinding on server stuff when I can.

company causes

i'm not really the target audience for anything Patagonia makes but i was browsing around the site today, and at it's best moments, they give you the vibe that they're selling clothes to fund/justify environmentalism - rather than the other way around.

There's the obvious cynical view of associating your brand with a positive cause and getting some of that shine. But who's to say they aren't genuine. And if they really help things, everyone wins.