Replies: 10 comments 9 replies
-
The reason we didn't include email/password accounts is because we didn't want to deal with sending emails for things like password reset. By only using other authentication providers we can avoid the support hell that is "I can't get into my account," instead that's all shifted to the services you can login with. As for TOS and emails, we didn't include anything because the TOS we based ours on (Hugging Face and Imgur) didn't include anything about it either. We don't currently have any plans to use email addresses, but they are used by the authentication package we use (NextAuth) to ensure accounts are unique. I don't like email. I don't like getting it and I don't want to send it. I'll dig into our authentication system to see if there is a way for us to disable the need for an email all together. Would that be a reasonable resolution for you? |
Beta Was this translation helpful? Give feedback.
-
I fully support the idea to intruduce an alternative method. So far the whole civitai as a centralized place is cool but on the other side i avoid it like the plague since having everything connected with eachother is not cool. Maybe not because of civitai using it maliciously but rather reddit now having a connection between those two accounts. The most simple thing would be to only have, usename and password and email for recovery only as optional. Alternatively make it social media 0Auth login and only username and password but putting a large disclaimer there that if you choose a username and password without a 0Auth method you risk losing your password without an option to reset it. Dont make your personal preferences a user issue. "i dont like emails" is not a valid way to talk your way out of a world that is relying on email as its the most robust atm. |
Beta Was this translation helpful? Give feedback.
-
This is live! You can now login with an email address 😊 |
Beta Was this translation helpful? Give feedback.
-
Sorry, but the authorization system on the site can hardly be called adequate.
|
Beta Was this translation helpful? Give feedback.
-
Also, every time you guys 503 it de-auths the OAuth token and logs me out of every civitai page in tabs. And you guys been getting 503'd alot recently. |
Beta Was this translation helpful? Give feedback.
-
I dunno if passwordless login is a good tradeoff, issue for me is the UX is disruptive
Whereas if you let us add passwords, the process is
And yes, the API technically allows you to bypass the gating mechanism, but I don't think most users are going to bother to work around it If as you say you "didn't want to deal with sending emails for things like password reset", "don't like email", "don't like getting it" and "don't want to send it," then why do every time you make users to have to login to browse a model you send them an email? Seems like it adds more friction to the process than is necessary. I'd rather deal with needing a password reset once or twice than having to put up with going through an email flow every single time I need to login And personally I do not want to have to use a social account to log in, it's a privacy concern from my standpoint |
Beta Was this translation helpful? Give feedback.
-
Love how there is now an e-mail login (hate sites that force you to link through social media which I avoid). but the e-mail never shows up. Or at least waiting 15 minuets and it still has not arrived. |
Beta Was this translation helpful? Give feedback.
-
So... |
Beta Was this translation helpful? Give feedback.
-
It's quite frankly entirely irresponsible that you allow people to add payment methods and all, but no way of changing email address or password or anything. If someone were to get ahold of the account, there'd be basically nothing you could do to thwart them aside from deleting your account, it seems. |
Beta Was this translation helpful? Give feedback.
-
Login + password would be nice, I wipe all cookies on browser close and on a regular basis. Someone like scaleway does it in a way I like. Of course there's also FIDO keys, which I am a bit weary of because they identify the person rather than the account What I would love is login with a X.509 smartcard, they're cheap, they're reliable (it's the tech in your credit card) and they're impersonal (it's the person with the card login in, not the identified owner of the fido key ) I explored the nuance between smartcard and fido keys here, if you are curious |
Beta Was this translation helpful? Give feedback.
-
This is made even more stupid by the fact you are required to provide an email to complete the registration. An email address which cannot be changed/removed and isn't displayed anywhere on the account settings.
Stating what you are doing with the collected email addresses in the TOS is a necessity at the least. What exactly are the email addresses being used for? Will they be sold to 3rd parties?
tl;dr
you are already collecting email addresses and asking for user names. There is little reason we need to be forced to compromise privacy/security by linking to a 3rd party site.
Beta Was this translation helpful? Give feedback.
All reactions