I have just one question, and it is about the security behind the shared user account between this Community forum website and the main Dynalist website.
We all know that we can use the same account in both places. Considering the forum is a third-party service, although hosted under the same "dynalist.io" domain, I wonder how the authentication of the account credentials is being handled.
Recently I’ve noticed that although both services share the same account, they have kinda independent authentication processes. So, consider the following scenario: I was logged off from both services. Then I log in to the community by clicking the blue button at the top of its page that says “Log In with Dynalist”. And I just realized that it automatically logs me in to both services at the same time. I can, however, log off from the main Dynalist, and this doesn’t mean I’m logged off from the Community forum. The exact opposite behavior is also true, so if I log myself off from the Community forum, it doesn’t mean I’m also logged off from the main Dynalist…
The reason why I’m bringing up this topic is that I’m a little obsessed with security (no wonder I work with information security myself) and I feel a little concerned about it. I always try to log off from every Web session and revoke access from any app from time to time. TBH, I don’t care about being still logged on in the Community forum, as long as the opened session from this site doesn’t bring a security risk that could allow someone to easily access the main Dynalist with my credentials. I would feel much safer if there was a 2FA or MFA implemented already, but it seems there’s nothing on the horizon, for the short term.
To overcome this problem, I’m constantly logging off from both services before closing the browser. But it’s me, my way of doing it, not necessarily the best or wisest thing to do.
Thanks for listening!