After being completely passwordless since our beginning in 2015, it was about time!
You can now set a password on your Open Collective account. The feature is available for everyone from the new "Security" section of your personal settings.
While we're happy finally making this available, we still think passwordless is relevant and it stays the default today, setting a password is completely optional.
For people deciding to do so, we recommend to use a strong password handled with a password manager (such as 1Password). When setting a password, we also recommend to setup Two factor authentication (2FA) with an authenticator app (such as Google Authenticator). Remember to avoid using your password manager for 2FA as this will technically not add a second factor and will not increase your security!
In case you lose your password, you will still have the possibility to sign in or reset your password per email, 2FA will keep being honored.
You can use them in a supported browser today, such as with a Yubikey, or Windows Hello and provide a very sound passwordless implementation. Big announcements from for example 1Password are expected this year as well. https://www.future.1password.com/passkeys/
And the work put into this to support the future of passwordless, should also translate well into supporting U2F as a much stronger alternative to the TOTP based 2FA that's currently available :]
Dread Knight
Posted on February 28, 2023