User IDs in TroveStar

Published: 2019-01-24 - By: gdm
Last updated on: 2019-01-29
So why does TroveStar require you to create a Google ID instead of doing the work of keeping track of userids and passwords on the TroveStar website?

First off, there are a lot of bad actors out there. Early on, TroveStar was invaded by a bot that used a back door to add all sorts of spam advertisements into the database. We quickly detected the intrusion and removed the spam and the back door. From that point on, we realized we were a target and that we had to make sure that users were authenticated AND authorized before they could add any data to the system (such as a list of their personal inventory).

To do so, we knew we needed a login/password system just like every other website has. We also took pity on the poor users who have lists of dozens of userids and passwords that they need to memorize for every service they use. In introducing a new userid and password requirement, we would present a hurdle that many prospective users of TroveStar would never jump.

So we had two choices: either create a new userid/password system or piggyback onto someone else's. The two choices at the time for using other people's login systems were Google and Facebook. Unfortunately, I am not very fond of Facebook because people behave so poorly when they use it, so we nixed that and went to Google.

New users therefore can log into TroveStar without adding a new userid and password if they already have a Google or YouTube account (plus several other Google subsidiaries also work, I think). People without a Google account (such as many potential users) can create a new Google userid and password just as easily on Google as on TroveStar directly. So we figured that if you need to create a new userid, you might as well create a Google userid, because Google is much better at maintaining security than we are. They have some of the best information security people working for them, bar none.

You won't ever have to use Gmail/Google. You simply need to create a userid on Gmail, which will become your TroveStar userid. You simply log into Google and you will also be logged on to TroveStar.

Also, your userid and password are much safer in the Google cloud than they would be in our database. Google is simply much better at keeping your userid and password safe than we are. This way, if we ever get hacked, you don't have to worry about your userid and password getting circulated on the dark web. We don't have them. Google does. We only have a list of your personal train inventory, and likely nobody on the dark web is going to pay to get their hands on that. We have no access to your userid and/or password, and that is a good thing. We simply ask Google if you are logged in and they say yes or no.