Yes, you can filter by email address or email domain. It's one of the things we get for free by using WordPress Social Login.

Hi HN,

We received a number of requests from (ex-)Clef users asking if we would perhaps build an authentication plug-in for WordPress, now that Clef is sunsetting.

This is our first version: We opted to use a proven extension as a base, and collect feedback. Then use that to develop a stand-alone plug-in in the future.

Tell us what you think!

- Pieter

Yes! As a site admin in today's world, you should indeed not want to store passwords. Or even personal data for that matter.

I applaud this initiative since it lists exactly the reasons why we started Authentiq: Decentralization, usability, privacy, safety for end users (which is very different from merely offering security features that most people don't use).

Authentiq is similar in goals and architecture, yet with a more comprehensive feature set, since we aim to support existing standards (like OIDC) as the integration point for developers, and offer a more complete mobile identity to end users so that the site owner doesn't need to store those details either.

That said, I'm very keen to see if we can add support for the OP's authentication protocol soon. Check us out here if interested: https://www.authentiq.com/

> I'm very keen to see if we can add support for the OP's authentication protocol soon

It doesn't sound plausible, it only works without a middlemen.

There are probably several angles on this. One is to let our Authentiq ID mobile app support and sign in to SecureLogin sites. Another to let websites that use Authentiq automatically support sign-ins with SecureLogin. These look feasible at first sight.

A third, replacing our current auth flow with SecureLogin indeed isn't likely to work for reasons you mention.

Or any server side store, maybe DynamoDB.

You probably mean €500 thousand, not million.

This is indeed a typical configuration for authoritative name servers.

"Passwords might be useful for someone who works on a public computer at the library."

Key loggers anyone?

For one the fact that (the author of NaCL) Daniel Bernstein is backing it.

DJB wrote the original tweetnacl.c, from which this JavaScript implementation is derived. He doesn't have anything to do with the port.

You guys are right of course; I was looking at the C version.

I really doubt that, where does it say so? AFAIK, he supported the TweetNaCl in C. That does not mean anything concerning this port.

> And always unbundle DNS contract from hosting contract, so you can switch fast, in case your hosting provider sucks.

With Hetzner that is indeed a necessity. They sell cheap iron, but don't expect any support from them and be prepared to move out quickly.

Hetzner null route you in the event of a DDoS.

Better using OVH.

So, what other extensions can we ditch now?

I really like the UX of SDC; are Disconnect or DoNotTrackMe just clutter, or adding value still?