Login without google / facebook

  • I loathe both of these companies. Could you make it so we don’t have to use them for the forums / remote login?

  • +1
    also for the "stand-alone" setup and for this forum

  • @joe-harper Hi Joe! Would you use phone authentication if we added support for it? You'd have to enter your phone number, and we'd verify that you have control over it in the background. Obviously, we'd only use it for authentication.

  • @ubnt-gunars I'm not Joe, but as someone with the same concerns, yes I would prefer phone authentication to it (though phone auth is also known not to be very secure). I do not have a Facebook account, and hate having a Google account.

  • @ubnt-gunars Hi Gunars! I'm curious: Is your intention with that question to avoid having any kind of credential management?

  • @ubnt-gunars I would absolutely prefer standalone setup as well. Google and FB are both awful, and I would enthusiatiscally use neither given an alternative.

  • @shane-milton I like how apps that use phone authentication work. Very convenient for the user. Another reason is that it may allow us to add support for multiple users more quickly. Seems like if we were to select a single authentication method, this one would have a lot of advantages.

    @Andrew-Schwartzmeyer for added security we can still ask for password. Then it would effectively be 2FA, which is pretty secure.

  • @ubnt-gunars I would rather see a login using a public IP or a FQDN. Even Apple Airport units had a "WAN Setup" feature with an app to connect. My AHD has a public address on the WAN side. My networks are secure and I don't like "authenticating" through ANY other network. I created a Google account for the sole purpose of remotely accessing my AHD. Even with a phone auth, you would still connect to some public entity that would identify your phone number/password and give you access to your OWN Amplifi unit. The WAN access should have been there from the beginning and the issue with other types of auth - which is the vast majority of users - could be debated. I guess if the "phone auth" or whatever iteration comes from that is the only option, then I guess so be it.

  • @hanz-shcaerp we need a way to access units behind NAT, so in general we can't rely on the router having direct access to a public IP address. We could give remote access privileges to the app instance that was used to set up AmpliFi by default. Then it would just work. And you could upgrade any device to have this privilege when it's connected to the router locally, so long as you know the security password. However, this won't work if you need to set up remote access on a new app instance (e.g. with a new phone) when you're far away from home.

  • @ubnt-gunars yes I would much rather have phone authentication. Thanks, hope this comes to fruition.

  • @ubnt-gunars Yes, I understand that you must drill through NAT to the units behind the router which does present an issue. However, I manage a block of public IP's and the LAN/VLANS behind them on UBNT Edgerouters/Switches, so I would be glad to test the option you proposed. Since the AHD does have direct access to a wide open public IP, I would also be glad to test any other options you might want to attempt. Just let me know!

  • @ubnt-gunars said in Login without google / facebook:

    @Andrew-Schwartzmeyer for added security we can still ask for password. Then it would effectively be 2FA, which is pretty secure.

    Phone + password (and no Facebook or Google) = happy user here 😄

  • I'm also onboard with any authentication option that doesn't require me to use a Google or Facebook account. I don't even have an FB account, and I was forced to pull out an old throwaway Google account just to post on this forum.

    From a security standpoint, push notifications to the Amplifi app + password would be great. The security problems with "phone based" 2FA are generally around SMS, so going with push would be a smart choice.

  • @ubnt-gunars 2FA is great. I also fully support. I do not want a simple Social Media Credential set to manage my personal home routers. It would be great if there is a possibility to integrate with someone like DUO Security to get features like push notifications instead of phone calls and text messages (I know easier said than done) But from personal use and managing the very same solution, its much more user friendly. Just a different thought. Hope to see some good updates down the pipe!

  • Late to the party, but all of the things here seem fine to me. It also seems like, if you're logged into the admin interface locally, it wouldn't be hard for the controller app and the router to negotiate a shared secret.

  • Seriously, I agree with everyone here. I even chatted with support. I asked if there was a way for users to double check that these social media companies aren’t using or getting our internet logs or traffic history after we associate the account with the router.

    How is this acceptable?!?!

    How does Eero do it? I switched from eero to amplifi and I had all these features and never logged into a social media account.

  • @ubnt-gunars couldn't you use a stun server, or a localised amplifi account that authenticates on an amplifi server.

  • +1

    Maybe we could login with ubiquiti or amplifi account.
    But it's the same problem with Teleport VPN.

  • In the Amplifi Smartphone app, I cann login with four different credential providers, but in the Web Console only with Google and Facebook, this is unacceptable.
    I just bought my Amplifi HD Mesh system and this is pretty sad.

  • i am also looking for a good to log on without Google or FB.

Log in to reply