Frequently Asked Questions
Last Updated: January 20, 2019
Q: How do you protect data?
We keep site visitor session cookies cryptographically signed using the latest algorithms. Once a user logs in, via email magic link or text code, the session is kept for 7 days. The session cookie is only available on the domain where it was placed.
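A sketch of the cookie handling this answer describes (signed value, 7-day lifetime, scoped to the issuing domain), added here as an illustration and not Weasl's own code. HMAC-SHA256, the key, the cookie name "session" and the payload layout are assumptions, since the page does not name its algorithm or format.

```python
import base64
import hashlib
import hmac
import json
import time

SESSION_TTL = 7 * 24 * 3600  # the 7-day session lifetime stated above
KEY = b"constructed-demo-key"  # assumption: a server-side secret, never sent to the browser

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(payload):
    # Assumption: HMAC-SHA256 over the encoded payload
    return b64e(hmac.new(KEY, payload.encode(), hashlib.sha256).digest())

def issue_session(user_id, now=None):
    """Return 'payload.signature'; the expiry sits inside the signed payload."""
    now = time.time() if now is None else now
    body = json.dumps({"uid": user_id, "exp": int(now) + SESSION_TTL})
    payload = b64e(body.encode())
    return payload + "." + mac(payload)

def verify_session(cookie, now=None):
    """Return the user id, or None if the cookie is forged, malformed or expired."""
    now = time.time() if now is None else now
    payload, sep, sig = cookie.partition(".")
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing
    if not sep or not hmac.compare_digest(mac(payload).encode(), sig.encode()):
        return None
    try:
        claims = json.loads(b64d(payload))
        uid, exp = claims["uid"], int(claims["exp"])
    except (ValueError, KeyError, TypeError):
        return None
    # Server-side expiry check: the browser's Max-Age alone is not trusted
    return uid if now < exp else None

def set_cookie_header(value):
    # No Domain attribute, so the cookie is host-only: the browser returns it
    # only to the exact host that set it, not to sibling or parent domains.
    return ("session=" + value + "; Max-Age=" + str(SESSION_TTL) +
            "; Path=/; Secure; HttpOnly; SameSite=Lax")
```

The expiry is enforced from the signed payload on the server, so a client that keeps a cookie past its Max-Age still gets rejected.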
Q: Is Weasl secure and trustworthy?
From a technical perspective:
- we’ve been constantly testing against the OWASP Top 10 of 2017
- all calls to our user login API are NOT public and are locked down to our login iframe domain only
From a data privacy perspective, we’ll never sell any of your data to third-party vendors. All your user data is yours forever.
Q: How do you store passwords?
We don't store any passwords. When a user signs up or logs in, they do it via email, text, or another service (such as Google or Facebook login). If they sign up via email, a login link (or "magic link" as Slack likes to call it) is sent to their email address. They click the link in their email and are taken directly to your website and automatically logged in via Weasl. If they enter their phone number, a text message is sent to them and they use the code from the text message to log in without leaving your website.
This way we can know the confirmed identity of a user (such as confirming they receive texts or email at a specific phone number or email address) without needing to use passwords.
Q: How are login and signup different?
Login and signup actually use the same flow for the site visitor. The only difference is that if a user signs in for the first time, a new user record is created. On your website, use the weasl.login and weasl.signup methods to keep track of when to log in and sign up a user, respectively.
Q: What is the compatibility for different devices?
All operating systems, all web browsers, and all devices are compatible with Weasl's system.
Q: What customization is available?
As of today, you can customize:
- the URL to send site visitors to when they receive a "magic link" email
- the company name that is shown to users in the "magic link" email
- the text message that is sent to users when receiving a login code
We plan on having much more customization very soon. If there's anything specific you'd like, just leave us a note in Drift!