Frequently Asked QuestionsLast Updated: October 02, 2018
Q: How do you protect data?
We keep site visitor session cookies cryptographically signed using the latest algorithms. Once a user logs in, via email magic link or text code, the session is kept for 7 days. The session cookie is only available on the domain where it was placed.
Q: How do you store passwords?
We don't store any passwords. When a user signs up or logs in, they do it via email, text, or another service (such as Google or Facebook login). If they sign up via email, an email is sent to their email address giving them a login link (or "magic link" as Slack likes to call it). They click the link in their email and are taken directly to your website and automatically logged in via Weasl. If they enter their phone number, a text message is sent to them and they use the code from the text message to login without leaving your website.
This way we can know the confirmed identity of a user (such as confirming they receive texts or email at a specific phone number or email address) without needing to use passwords.
Q: How are login and signup different?
Login and signup actually use the same flow for the site visitor. The only difference is that if a user signs in the for the first time, a new user record is created. On your website use the weasl.login and weasl.signup methods to keep track of when to login and signup a user, respectively.
Q: What is the compatibility for different devices?
All operating systems, all web browsers, and all devices are compatible with Weasl's system.
Q: What customization is available?
As of today, you can customize:
- the URL to send site visitors to when they receive a "magic link" email
- the company name that is shown to users in the "magic link" email
- the text message that is sent to users when receiving a login code
We plan on having much more customization very soon- if you have anything you'd like specifically, just leave us a note in Drift!