pull down to refresh

Especially for those of us who have been on stacker.news a little longer, this is really important. I was lucky enough to to re-gain access with some help from @k00b and @alby support, but based on what I'm hearing, I gather there's some people who have lost access for good.
Here's a quote from Alby:
Lightning Login was implemented in different ways by different wallets. This also adds some problems when attempting to make it a standard. The way Alby implemented it with the custodial accounts was indeed related to the lndhub credentials. This brings two problems: you depend on Alby's for your account since the login is linked to a custodial account. And with newer lndhub credentials, when those are renewed, you will lose the login. only legacy lndhub lightning login accounts could be recovered. But legacy lndhub credentials are somehow a security risk because they do not expire. All of these complications are simply to strongly recommend you to link your stacker news account to additional auth options as stated in the first part of the email.
Here's how to do it:
  • Click on your profile name, top right, to drop down the menu.
  • Choose Settings in the menu
  • At the very bottom of the Settings screen is the Auth Methods section. You can add additional authentication methods such as Nostr, Github, Email, etc.
55 sats \ 0 replies \ @Alby 23 Jul
"Login with Lightning" with custodial solutions is effectively signing in with the node that wallet uses - user doesn't really own the credentials.
When using Alby Extension, it is recommended to use Master Key (or Nostr keys) to authenticate to Stacker, Geyser, LNMarkets... These keys are yours and we, Alby, (nor Stacker, Geyser, LNMarkets...) do not see them
reply
55 sats \ 0 replies \ @Taft 22 Jul
That’s a good advice! I have already added an additional authentication.
reply
By linking authentication methods aren't you compromising your anonymity somewhat?
reply
You are creating a correlation between what may otherwise appear to be independent online identities, yep.
FWIW, if you authenticate to SN via email, your email address isn’t saved
reply
10 sats \ 1 reply \ @Fritz 24 Jul
Good to know, thanks
reply
You’re welcome!
reply
I don't really believe it's not saved...
reply
I made the changes myself :) you can review the source code, too!
reply
It is not provable that the software actually running the SN website is the one in the repository. It is not provable that they don't do any hidden data logging.
Do not trust, do not input email address, use Tor.
reply
I agree it’s not provable that what’s running matches what’s in the repo. It’s pretty hard to prove that something isn’t happening, you’re right. You can always use a burner email, or a dedicated email for SN. Good call being skeptical. Practice good opsec everyone
reply
Good reminder.
reply
21 sats \ 0 replies \ @NRS 22 Jul
Like it
reply
FYI - I just tested out my secondary authentication on another browser, and wanted to report that it works great, zaps and all.
reply
just thinking
this is problematic only if you login with lighting.
I am using nostr login (well, over @Alby extension) and if I am correct it is using nostr keys which I have under control so I should be OK, right?
reply
Sounds correct to me
reply
Thank you for your advice. I've migrated mine from one device to another, just by the same 12 words.
reply
Could you explain more about the 12 words thing?
reply
Good advice! I've logged in with lightning wallet. Is this sufficient?
reply
No, you don't want to be logged in just with lighting, add a backup authorization like email, Nostr, etc.
reply
Thank you so much!
I feel like lightning should be the most secured way of login and we should use it not to lose access to our SN account!
reply
Thanks for the reminder!
Does all backup login methods work in the same way or are there differences?
reply
32 sats \ 1 reply \ @k00b 23 Jul
Yes
reply
Thanks!!
reply
MFA might also be nice… hadn’t thought of that til now
reply
I should really consider this. I am thinking of changing emails, is that possible? @koob and @Alby, Is this possible to do? Move an account and change the main email it uses?
reply
I can’t speak for Alby, but I believe for SN, you’d have to:
  1. setup a second auth method on SN
  2. remove the current email from the SN account, then
  3. add the new email to the SN account
reply
Okay, I will have to try this.
reply
21 sats \ 0 replies \ @Alby 23 Jul
Yes sir, you can change e-mail of your Alby Account, and the extension doesn't require any!
reply
most people only have 1 login method?
reply
That was me, up until recently!
reply
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
deleted by author
reply