Hey, everyone! On Inleo, we value user-friendliness and security. We also take feedback very seriously, so when concerns about LeoAuth were brought up, we took action to update it with a new version that aims to enhance security while not ruining user-friendliness.
We also made our disclaimers about why you should consider something like Keychain more apparent.
In this clip:
- LeoAuth changes from cookie sessions to local storage
- security measures we took to improve it
- Multiple sign-in methods so users can choose their risk tolerance and user friendliness trade-off
- Security is always a priority
Although no leaks or issues occurred, in response to the feedback received, we switched from a cookie session to local storage, where the keys are encrypted on the local browser and decrypted for sign-in using a PIN.
The original version of LeoAuth never stored Hive keys, so after the update, no trace of data is left behind that could be compromised. This update shifts the risk from the network to local storage on your browser.
We offer LeoAuth as a more user-friendly way to sign in, especially for new users who might feel overwhelmed by having to download an extension or another app right away. However, we make it clear that while LeoAuth is convenient, it is not the most secure method, and we recommend downloading Hive Keychain for better security.
https://youtu.be/ZAj_yaAm4mU