New authentication system and upcoming features!

Status
Not open for further replies.
Note: this announcement was made on the website before the forums were reopened. We backported and backdated it here after the forums launch.

---

For those who missed it, we just finished migrating to a brand new authentication system!
Here is what you should know:
Basics
  • Your previous username/email/password are unchanged and should work as-is
  • If you had to manually whitelist individual MangaDex domains in some type of """security""" system of your computer/router/ISP (McAfee, Trendnet, etc.), you will have to add https://auth.mangadex.org to that list to keep using the website while logged in
New features
This new system brings back some security features and adds new ones to MangaDex:
  • You may now enable 2-factor authentication on your account again.
  • You may now use a security key as second authentication factor (Yubikey & other FIDO-compliant physical security keys).
  • You may now use digital passkeys as second-factor and/or single passwordless authentication mechanism (that means Windows Hello, iCloud Passkeys, Google Passkeys, etc.).
Other changes
You will notice that this migration also brought with it a site update, mainly for compatibility with the new authentication system, but also bundling quite a few bugfixes and features.

Amongst these, the most notable is likely the site's search bar which has been redesigned, and can be triggered using Ctrl+K (or Cmd+K on macOS).
The reader is also now much more performant when reading chapters with a lot (think 100+) of pages.

What's next?
Yes, it is forums and comments.

The change to a new authentication system has long been the main requirement we were missing to bring these back without relying on a third-party service that we couldn't trust, and also without requiring some terrible design like having 1 site account and 1 forum/comments account entirely separate from one another.

And that is now live and running.

With this, we can use a "Sign in with MangaDex" type of system for those. (and other websites/apps will technically also be able to do so in the upcoming weeks)

In fact, we have been testing it all out privately over the past few weeks, and while there is a minor amount of work remaining on our side to bring this to you, we expect it to come really soon.

Finally, we'd like to thank many people as always, but in particular:
  • All the community members who have helped us over the past couple of weeks with testing this out by using the early-access versions of the website.
  • Our resident staff member and artist Teasday for drawing yet another amazing piece of art for MangaDex; this time featuring Fed-kun on the login/registration pages background!
Fed-kun holding a golden key
And in general, thanks to everyone for sticking with us!
Until next time!

Small technical precision related to password security, to avoid conspiracies:
  • We were able to preserve your passwords without requiring a full password reset because we extended Keycloak (the software powering the new authentication system) with native support for Argon2id and BCrypt password hashes (which are the 2 hashing algorithms used by MD over the years, and thus the format we'd need to import as-is to avoid requiring a password reset by all users).
  • Furthermore, it is configured to use PBKDF2 with a SHA256 HMAC internal hash function alongside a work factor of 310'000 going forward; essentially in line with current best practices according to OWASP.
This note would belong better in a DevBlog post, but we already owe you one about the outage a few months ago, and now a second one with this all. So this will have to do in the meantime.
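
The password note above, as an added Python sketch that is not part of the original post and not MangaDex's Keycloak extension: imported BCrypt/Argon2id hashes are recognised by prefix and verified as-is, and new hashes use PBKDF2-HMAC-SHA256 at 310,000 iterations. Assumptions: re-hashing on the next successful login, the `$pbkdf2-sha256$...` storage string, and the `legacy_verifiers` hook are all hypothetical.

```python
import base64, hashlib, hmac, os

PBKDF2_ITERATIONS = 310_000  # work factor quoted in the announcement

def identify(stored: str) -> str:
    """Classify a stored hash by its prefix (bcrypt and Argon2id use these)."""
    if stored.startswith("$argon2id$"):
        return "argon2id"
    if stored.startswith(("$2a$", "$2b$", "$2y$")):
        return "bcrypt"
    if stored.startswith("$pbkdf2-sha256$"):  # format constructed for this example
        return "pbkdf2-sha256"
    raise ValueError("unrecognised hash format")

def pbkdf2_hash(password: str, salt: bytes = None, iterations: int = PBKDF2_ITERATIONS) -> str:
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    enc = lambda b: base64.b64encode(b).decode()
    return f"$pbkdf2-sha256${iterations}${enc(salt)}${enc(dk)}"

def pbkdf2_verify(password: str, stored: str) -> bool:
    _, _, iters, salt_b64, dk_b64 = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             base64.b64decode(salt_b64), int(iters))
    return hmac.compare_digest(dk, base64.b64decode(dk_b64))  # constant-time compare

def login(password: str, stored: str, legacy_verifiers: dict):
    """Return (ok, replacement); replacement is a new hash to store, or None.

    legacy_verifiers maps "bcrypt"/"argon2id" to a callable(password, stored) -> bool
    supplied by the caller (hypothetical hook; a real one would wrap a vetted library).
    """
    algo = identify(stored)
    if algo == "pbkdf2-sha256":
        ok = pbkdf2_verify(password, stored)
        stale = int(stored.split("$")[2]) < PBKDF2_ITERATIONS
    else:
        ok = legacy_verifiers[algo](password, stored)
        stale = True  # imported hash: move it to the current policy
    return ok, (pbkdf2_hash(password) if ok and stale else None)

if __name__ == "__main__":
    imported = "$2b$12$CONSTRUCTED.PLACEHOLDER.NOT.A.REAL.HASH"  # constructed sample
    stub = {"bcrypt": lambda p, s: p == "correct horse"}  # stand-in for a bcrypt check
    ok, new = login("correct horse", imported, stub)
    print(ok, new)
    print(login("correct horse", new, stub))
```

A failed login never produces a replacement hash, so a wrong password cannot overwrite an imported record.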