Subscribe
Sign in
Fast — World's fastest login and checkout
Fast is the easiest way to securely login.
The Fast button can be easily added to any website for secure one-click login for all users.
Fast supports 100% of users, authenticating through email, and doesn’t require users to have a Fast account.
Login, Fast!
96
Replies
△
How is this different from well established login alternatives like Facebook or Google? It would take some time from people to see this as a standard
Share
@jorgecerda a few major differences:
FB login is a single persona for you (typically personal) so generally not relevant for login to business applications.
FB and Google and incentivised by owning and monetising your profile/identity, Fast doesn’t collect or use any profile information at all.
FB and Google require you be a user before you can use their sign in, not everyone is, which is why there is always still a fallback to email/password.
Hey! Definitely neat, and the idea that it gives you the convenience of OAuth without having to rely on a big provider like Facebook, Google, or Twitter is definitely a plus. Also interesting is it'll give me more trust in the product once you guys launch your paid version. (You know the old adage: "If someone's not paying for the product, then they are the product.")
Are you folks planning on launching a bug bounty program? Since security is integral to a service like this, testing it for vulnerabilities will also be integral. Looking forward to where this goes!
@caffeinewriter will definitely be launching a bug bounty program, stay tuned. The paid product is about making it even easier again to login. Business/website will pay per user per month for that product, marginal cost.
@caffeinewriter but we will still keep the current product free as a feeder for the next!
@piotrszwach No native integration as yet, but our open API means you can integrate easily. Watch this space.
I like the idea and the execution, but would love more info on the security and tech behind it.
an aside: is it built on Laravel?
@danmatthews what we are doing is scaling authentication, it doesn't make sense that we continually re-login everywhere and duplicate authentication over & over. So Fast authenticates a user, using existing and accepted industry security, then provides access to that authenticated token to multiple services/websites.
Built with PHP (Not Laravel) / GoLang / Node
@domm Thanks for the reply, i really like it, gonna add it to a few apps i use - one of which is used daily by university students who just can't seem to ever remember their password.
Are you planning to charge for it in the future? I'll probably stick it on https://endear.app when we launch too, i like the idea.
@danmatthews Fantastic, looking forward to having you onboard - let me know as you launch them domm@fast.co. This product is our free product, we have a v2 paid product already in beta which is the next gen 'easier' version of this!
This will really change everything about how we login to sites. It’s a no-brainer and can see this being widely adopted at a rapid rate.
@domm How can a user who signed up with emailA change their email to emailB in our app?
@mikestaub you need to give them that functionality in your app, then next time they login with the new email through Fast will be as normal 👌
UI design is a little haphazard, long email overhanging boundaries, hamburger menus in the middle of the top nav. These small details build trust especially important for authentication.
Pros:Nice implementation of email based authentication
Cons:Lots of opportunity for polish improvements. Details matter for trust.
Looking great, I can't wait to see this out in the world with more and more platforms. Gotta think this is awesome for D2C brands too.
@petedavisuk Absolutely, for eCommerce = gain sales and reduces cart abandonment, for SAAS increase retention and LTV!
IMO centralisation of authentication can be dangerous. If the user's Fast account is compromised, they are royally screwed.
@dmitry_gorshkov obviously any service providing authentication including Fast needs to be acutely aware of security risks. However, currently the weakest attribute of Fast currently is the email account, which is already the webs weakest links with reset password links. We actually don’t have Fast accounts so there is no ‘account’ feature that is vulnerable. And we have actually seen huge amounts of vulnerability because of duplication of authentication, same passwords used everywhere, unencrypted passwords on servers, decryptable passwords etc... there are a lot of userability, scalability and security benefits you can receive from utilising one authentication engine.
I have been waiting for something like this. How can it prevent users thinking the site is weakly secured? - Maybe the button needs strengthening up.
@sturusell button is absolutely key to messaging, but we also leverage the trust of the host site. Bigger the network of installed sites, the bigger the inferred trust for the user.
@domm this is great, but I wonder if you have any thoughts about how something like this could work in native mobile apps instead of on a browser where you can easily track a user across multiple websites using cookies. I'd imagine it'd be much more difficult to get something like this functioning for native mobile applications.
I'm curious about your checkout product. Is it like Apple Pay where you are providing the merchant account as well, or are you passing all the card info to the merchants shop for them to use their already existing gateway?
Looks like a Magic Link as a service? Any reason this is different or better than just implementing a magic link flow to an app? Just easier to integrate / build perhaps?
@domm Nice idea but the doc is very light on details. I can't figure out what the challenge_id or oth are and since there isn't a feedback or support mechanism on the website it's not possible to ask for help
@chinenye_egbe hey feel free to email us on the support email listed on site hi@fast.co. Always happy to help.
Great idea;) question - let's say our user typed their email with a typo mistake. Started using our app (we we started to connect things they did to their account) - since they never confirmed their email such accounts are still "guests" then correct? until user actually confirms their email we should not treat such login as authed?
@masterserge if they typed their email wrong, they would never receive the authentication email and wouldn't be logged in through fast with that email. We would direct them back to correct their email.
Really good idea but I am wondering how do you comply with GDPR because sharing session information across fast.co users doesn't seem very compliant. Also I would like to know how you handle security risks like XSS as this seems to be a very weak point.
@jacobo_vidal the only PII we deal with is email and IP and it is strictly used to perform authentication. Regarding XSS, even if another service intercepted a token has no value other than to prove that the user is authenticated. And that authentication can only be proven with a private key from the original site anywho.
@jacobo_vidal but great questions, thanks a lot for getting involved and trying out Fast!
way better than typing name and personal info, skipping straight to the email confirmation!
@domm This is really interesting! Do you share my email with the websites I login to?
@gabe_ragland thanks Gabe, yes only with the site you are logging into, so they can associate your login with the user record in their database linked to that email.