GitLab

Salmon needs a way to identify users. Instead of an email/password system, I prefer a design that consists of a password only. The benefit is less complexity and more privacy because the user doesn't expose her email address. The downside is that if you lose your password, your account is gone for good because there's no email address for password resets.

Here are the criteria for the password:

• It must not be guessable, i.e. incorporate 120 bits of random bits from a CSPRNG.
• The encoding should be human readable. We're working on a design that doesn't expose the password to the user (see #7) but it's still useful for users to be able to recognise or copy and paste her password.