By the Fleetsmith Product Team
One of the unique attributes of Fleetsmith is that it is very tightly integrated with G Suite and Office 365 as identity providers (IdPs). This model has numerous benefits—it’s secure, easier to manage, and saves a ton of time when you import users into Fleetsmith.
There’s just one downside: in order to use Fleetsmith, you had to be a user of G Suite or Office 365. Today, we’re pleased to announce that you can now sign up for Fleetsmith with just an email address, and use it without connecting an IdP.
Since it’s hard to assign devices without people to assign them to, we’ve also added the ability to import new users manually by uploading a .csv file. Once they’re in the system, these behave exactly the same as users that have been automatically imported from an IdP.
No more passwords: Enter magic links!
One “magical” thing you’ll notice about Fleetsmith Accounts: there’s no passwords! Rather than asking you to create a login password that you’ll have to store somewhere or remember, we simply email you a one-time magic link that will log you in and take you to the Fleetsmith console. When you log-in after that, you need only enter your email to receive another magic link.
Why did we do this? It was a deliberate decision by our security team. Passwords are a secure authentication method, but only if you do everything right and follow all the guidelines for password security, and that’s hard to ensure.
We agree with Adobe’s Khoi Vinh that passwords are a design problem (and not just because he cites our password guide, either). Not only are they a poor user experience—who hasn’t at one point repeatedly mistyped a password and been locked out of their account—but they’re such a poor user experience that it’s actually self-defeating. The strain of having to come up with a unique password for every login causes people to take shortcuts that make it more likely their password will be cracked—using passwords that are too short in the pursuit of memorability, reusing passwords, falling back on easy-to-guess patterns, etc.
For you, passwordless authentication with a magic link is considerably simpler—no extra information to remember, nothing to type, and login in roughly four clicks. For us, it presents a very similar security profile as our existing G Suite and Office 365 authentication. There’s no database of your passwords that we secure and maintain, which means it can’t be compromised in the event of a data breach. We think that passwordless authentication through things like IdPs and magic links is a better security paradigm, and we’re pleased to be doing our part to move the industry in this direction.
As always, we love to hear your feedback, so please write us at firstname.lastname@example.org with any comments or questions.