domm

Fast - World's fastest login and checkout

Fast is the easiest way to securely login.
The Fast button can be easily added to any website for secure one-click login for all users.
Fast supports 100% of users, authenticating through email, and doesn’t require users to have a Fast account.
Login, Fast!

Sergey Rudenko
Great idea ;) Question: let's say our user typed their email with a typo. Started using our app (we started to connect things they did to their account) - since they never confirmed their email, such accounts are still "guests" then, correct? Until the user actually confirms their email we should not treat such a login as authed?
domm
@masterserge if they typed their email wrong, they would never receive the authentication email and wouldn't be logged in through Fast with that email. We would direct them back to correct their email.
jv
Cool product! Can you talk about what security you are using at all around token types, cryptography primitives, encryption standards? I'm curious what level of security this service will have for authN and authZ use cases.
domm
@john_vajda the real importance around WebAuthN and our role is helping it scale. Implement WebAuthN with Fast once, and use it everywhere!
jv
@domm Thanks! So you used the WebAuthN framework for your service? Any customization to it? Or did you follow the spec?
Chinenye Egbe
@domm Nice idea but the doc is very light on details. I can't figure out what the challenge_id or oth are, and since there isn't a feedback or support mechanism on the website it's not possible to ask for help.
domm
@chinenye_egbe hey feel free to email us on the support email listed on site hi@fast.co. Always happy to help.
Gaurav Bora
Seems a really nice option in today's world where all the big companies try to extract data for their own purpose.
domm
@gauravbora completely agree, and the reality is we don’t need profile or user information to perform authentication.
Jacobo Vidal
Really good idea but I am wondering how do you comply with GDPR because sharing session information across fast.co users doesn't seem very compliant. Also I would like to know how you handle security risks like XSS as this seems to be a very weak point.
domm
@jacobo_vidal the only PII we deal with is email and IP and it is strictly used to perform authentication. Regarding XSS, even if another service intercepted a token, it has no value other than to prove that the user is authenticated. And that authentication can only be proven with a private key from the original site anywho.
domm
@jacobo_vidal but great questions, thanks a lot for getting involved and trying out Fast!
△
How is this different from well established login alternatives like Facebook or Google? It would take some time for people to see this as a standard.
domm
@jorgecerda a few major differences: FB login is a single persona for you (typically personal) so generally not relevant for login to business applications. FB and Google are incentivised by owning and monetising your profile/identity, Fast doesn’t collect or use any profile information at all. FB and Google require you be a user before you can use their sign in, not everyone is, which is why there is always still a fallback to email/password.
△
@domm Fair. Will give it a try, I've been using mobile phone authentication on my apps for a while now and I'm curious how this will benefit users. Thanks.
Gabe Ragland
@domm This is really interesting! Do you share my email with the websites I login to?
domm
@gabe_ragland thanks Gabe, yes only with the site you are logging into, so they can associate your login with the user record in their database linked to that email.
satyam singh
Those customers who don't have an email ID, how can they log in with this product (Fast.co)? I think you want to add a login with mobile option to your product (Fast.co).
domm
@satyam_singh6 yes we can support mobile also, but have restricted to email for now as 92% of sites currently use email:password.
Alex Brooks

Awesome work

Pros:

A problem that's been DYING for a good solution like this

Cons:

Don't think so ...

Dmitry Gorshkov
IMO centralisation of authentication can be dangerous. If the user's Fast account is compromised, they are royally screwed.
domm
@dmitry_gorshkov obviously any service providing authentication including Fast needs to be acutely aware of security risks. However, the weakest attribute of Fast currently is the email account, which is already the web's weakest link with reset password links. We actually don’t have Fast accounts so there is no ‘account’ feature that is vulnerable. And we have actually seen huge amounts of vulnerability because of duplication of authentication, same passwords used everywhere, unencrypted passwords on servers, decryptable passwords etc... there are a lot of usability, scalability and security benefits you can receive from utilising one authentication engine.