barefootguru Posted July 30, 2017 Report Share Posted July 30, 2017 I've posted in the GS forums the nuisance and decreased security that having to reauthenticate every 90 days represents (https://forums.geocaching.com/GC/index.php?/topic/345370-feature-request-dont-expire-access-token-after-90-days/). Is there anything Cachly could do to make this less painful… Maybe save my password and reauthenticate automatically? or allow me to use Safari's saved password on the GS login screen? Quote Link to comment Share on other sites More sharing options...
0 Team DEMP Posted July 30, 2017 Report Share Posted July 30, 2017 I could be mistaken, but Cachy doesn't have your password. You are logging into the Geocaching.com site, not into Cachly, and then Geocaching.com gives Cachly a token that it uses for you. As far as I'm aware, Cachly, or any site that leverages access via geocaching.com, doesn't see your password. Quote Link to comment Share on other sites More sharing options...
0 barefootguru Posted July 30, 2017 Author Report Share Posted July 30, 2017 I believe that too, but authentication appears to be a series of web pages, so Cachly could save my password then enter it for me, or enable keychain access on those pages. Quote Link to comment Share on other sites More sharing options...
0 Team DEMP Posted July 30, 2017 Report Share Posted July 30, 2017 No, Cachly wouldn't do that. The entire authentication architecture is based on 3rd parties not having that info. Quote Link to comment Share on other sites More sharing options...
0 Nic Hubbard Posted July 31, 2017 Report Share Posted July 31, 2017 7 hours ago, Team DEMP said: I could be mistaken, but Cachy doesn't have your password. You are logging into the Geocaching.com site, not into Cachly, and then Geocaching.com gives Cachly a token that it uses for you. As far as I'm aware, Cachly, or any site that leverages access via geocaching.com, doesn't see your password. Correct. We never know your password, and do not want to know them. We only hold the auth token in the iOS keychain. Quote Link to comment Share on other sites More sharing options...
0 Nic Hubbard Posted July 31, 2017 Report Share Posted July 31, 2017 7 hours ago, barefootguru said: I believe that too, but authentication appears to be a series of web pages, so Cachly could save my password then enter it for me, or enable keychain access on those pages. No. The security implications of us saving users passwords is not something we want. This is the reason why OAuth is used and connects with Groundspeak, so we don't have to save passwords. In 3.0.3 when you are asked you re-authenticate you will be asked if you want to Logout or Cancel. You can cancel if you need to continue using Cachly. Previously it would log you out without any option. Quote Link to comment Share on other sites More sharing options...
0 barefootguru Posted November 20, 2017 Author Report Share Posted November 20, 2017 Good to see you managed this in 3.1 Nic Hubbard 1 Quote Link to comment Share on other sites More sharing options...
Question
barefootguru
I've posted in the GS forums the nuisance and decreased security that having to reauthenticate every 90 days represents (https://forums.geocaching.com/GC/index.php?/topic/345370-feature-request-dont-expire-access-token-after-90-days/).
Is there anything Cachly could do to make this less painful…
Maybe save my password and reauthenticate automatically?
or allow me to use Safari's saved password on the GS login screen?
Link to comment
Share on other sites
6 answers to this question
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.