In 2006 I built the first Host-proof Hosting Online Password Manager, Passpack (it still exists, but I sold it in 2013). I am fascinated by security and obsessed with details.<p>Any major web service sends your password to their server in plain text. Only when the service receives the password does it derive it and save it in the database. What happens if a smart employee puts a backdoor at the beginning of the flow and steals your password? I worked in many large companies, and security is not what they would pretend it is. So, at the end of November, I decided to try a different authentication approach, using the Ed25519 elliptic curve. It took me one day to build the library, because I reused a library that I wrote for Secrez.<p>After using it for two months without having problems, I think it is time to talk about it.<p>If you visit https://signauth.cc you can find a brief introduction to the protocol, and you can see how it works.<p>The code is open-source at https://github.com/signauth, and there is also an Express-React boilerplate.<p>Any comment, opinion, suggestion, or criticism is very welcome.
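
The general idea the post describes, logging in with an Ed25519 signature so the server never receives the password, as an added example that is not part of the original post and is not SignAuth's code or protocol. It assumes the key pair is derived from the password with scrypt and that the server issues a single-use challenge; `deriveKeyPair`, `signChallenge`, `Server` and the message format are hypothetical names chosen for this sketch.

```javascript
const crypto = require('node:crypto');

// DER prefix of a PKCS#8 structure wrapping a raw 32-byte Ed25519 seed (RFC 8410).
const PKCS8_ED25519_PREFIX = Buffer.from('302e020100300506032b657004220420', 'hex');

// Client side (assumption of this sketch): stretch the password into a 32-byte seed.
// Salting with the username is a simplification, not something the post specifies.
function deriveKeyPair(username, password) {
  const seed = crypto.scryptSync(password, `example-login:${username}`, 32);
  const privateKey = crypto.createPrivateKey({
    key: Buffer.concat([PKCS8_ED25519_PREFIX, seed]), format: 'der', type: 'pkcs8',
  });
  return { privateKey, publicKey: crypto.createPublicKey(privateKey) };
}

// Client side: sign the server's challenge; only the signature is transmitted.
function signChallenge(username, password, nonce) {
  const { privateKey } = deriveKeyPair(username, password);
  const message = Buffer.concat([Buffer.from(`login:${username}:`), nonce]);
  return crypto.sign(null, message, privateKey);
}

// Server side: stores public keys only and hands out single-use challenges.
class Server {
  constructor() { this.users = new Map(); this.pending = new Map(); }
  register(username, publicKeyPem) { this.users.set(username, publicKeyPem); }
  challenge(username) {
    const nonce = crypto.randomBytes(32);
    this.pending.set(username, nonce);
    return nonce;
  }
  login(username, signature) {
    const nonce = this.pending.get(username);
    const pem = this.users.get(username);
    this.pending.delete(username); // a challenge is consumed on first use
    if (!nonce || !pem) return false;
    const message = Buffer.concat([Buffer.from(`login:${username}:`), nonce]);
    return crypto.verify(null, message, crypto.createPublicKey(pem), signature);
  }
}

function demo() {
  const server = new Server();
  const { publicKey } = deriveKeyPair('alice', 'correct horse'); // constructed credentials
  server.register('alice', publicKey.export({ type: 'spki', format: 'pem' }));
  const sig = signChallenge('alice', 'correct horse', server.challenge('alice'));
  const ok = server.login('alice', sig);
  const replay = server.login('alice', sig); // same signature, challenge already used
  const wrong = server.login('alice', signChallenge('alice', 'guess', server.challenge('alice')));
  return { ok, replay, wrong };
}
```

In a design like this sketch, a public key derived deterministically from the password still lets anyone who obtains the database test password guesses offline, so the cost of the key-derivation step matters as much as it does for a stored password hash.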