Frequently Asked Questions
toggle allIt is best that you read the answers in the shown sequence. You can ask more questions at our support site here. Some of the answers there will be seen here too. You can also see this FAQ as a mindmap: Click here -- and hover your mouse over each question in the mindmap to read its answer.
Basics
What are the goals of this system?
Simply Sign In is a simple system for authentication which achieves the following goals.
- We want to safe guard the privacy of end users who register for IT products/services. The identity of the person is revealed to the IT Product/service, only when the person voluntarily declares it. Not because he/she had not choice but to provide email address during registration
- We want to disconnect the use of email for sign-ups/sign-ins. Emails; we strongly believe, should return back to its original use: Communication between known people
- We want to reduce the friction and time that an end user goes thru before he/she can enjoy using an IT Product/service. Users of our system can enjoy using a new accounts literally in a minute or so. There is no "confirmation" loop
- We want to reduce the use of passwords; and even eliminate their use completely. At the same time, we want to give the flexibility of giving the developer the choice on what strategy they want to adopt
- We want to reduce Sock Puppets* appearing on the Internet.
- We do not want IT Products/services to exchange notes with each other and target the same person for unwanted commercial messages
- We want to reduce the coding considerably for software developers. There are lot of nice IT products/services that do not get launched because they find setting up such highly privacy protected membership system hard
*"Sock puppet" also known as Sybil accounts are fake accounts taken by a person, usually with devious intent. Often done by scoundrels and mischief mongers to spread lies/fake news etc. Sock puppets reduce the quality of discourse and reduce credibility of a service; as such fake accounts would lead to lot of noise. Sadly, there are some IT products/services that do not care if a user takes an account multiple times. For example; Facebook may not particularly care if a 40 year old man is taking another account there as a fake 25 year old beautiful girl. They just want more eyeballs into which adverts can be pushed. But there are many IT products/services that do NOT come up whole heartedly as this issue of sock-puppets have not been properly addressed. We are one of the first to do so.
Caveats
Caveats
- It is impossible to completely eliminate sock puppet accounts; but we give a stiff resistance to individuals who want to quickly setup fake accounts.
- It is also impossible to fully isolate accounts (as the IT Product/service can share 3rd party cookies with each other) but using our system developers will have more work to do; in order to sneak up on their users like this.
Why should I; a regular IT user, use this system?
Our system will save you a huge headache of signing up at IT products/services. The list of such products/services where this can be used is growing fast.
There are many reasons:
Aren't we all tired of the friction that registration at websites and apps create? First you need to give your email address. Then you need to confirm it. Then you need to remember the password!
Or it can be worse: You need to register via an account you have elsewhere. Facebook, for example. And you forgot what kind of data of yours got sucked up into the black hole of the Internet!
There are many reasons:
Aren't we all tired of the friction that registration at websites and apps create? First you need to give your email address. Then you need to confirm it. Then you need to remember the password!
Or it can be worse: You need to register via an account you have elsewhere. Facebook, for example. And you forgot what kind of data of yours got sucked up into the black hole of the Internet!
After all that, you still have the issue of hackers hacking into that website you registered. And what about the litany of emails that you received from the website you just registered? Gradual spam, is what we call them! Ah, so many other problems too -- which will make this answer much longer.
At our software lab, we have several offerings to make your life as a user of the Internet much more easy. This one is the "Simply Sign-in System" using which you can register/login for IT products/services without revealing who you are. No email address or phone number is demanded from you.
It is totally free for end users!
For IT product/service developers who implement our system; we charge elastically as per usage, with a generous free trial that does not expire!
At our software lab, we have several offerings to make your life as a user of the Internet much more easy. This one is the "Simply Sign-in System" using which you can register/login for IT products/services without revealing who you are. No email address or phone number is demanded from you.
It is totally free for end users!
For IT product/service developers who implement our system; we charge elastically as per usage, with a generous free trial that does not expire!
Why should I; an IT developer, register here?
Developers too are harassed by the complex coding, maintenance of databases, etc that are all needed when setting up a conventional sign-up/sign-in (i.e. membership) system. Nowadays, privacy is taken very seriously by many government bodies. Read the previous question to understand and be empathetic to your users. If you resonate with such privacy requirements; there are hardly any membership system other than our Simply Sign In system.
Our system is also possibly the only one which reduces the chance of you getting fake accounts (i.e one person taking multiple accounts in your IT product/service) It also does NOT require you to setup a captcha service as this system can hardly be automated by robots. Only humans allowed!
Our system solves all the issues both for users and developers quite elegantly. With very little code. If you are a developing a new IT product/service, we are quite sure that the coding for getting new users is the simplest when you use our system.
The only kind of IT products/services which may not be suitable would be one that require a KYC (Know Your Customer) process, because our system guards the privacy of the user quite well and that is opposite of what KYC demands.
Here are some more advantages: No "confirmation loop" either -- so no need to spend money on SMTP and no need to code any email route just for sign-up/sign-in. We charge developers elastically, as per usage.
AND it is an excellent two factor authentication system (explained later) Read the security questions for more advantages that developers have.
But why should developers not send emails to users?
We are not saying that developers should NOT send emails. What we are saying is that emails are NOT the way by which a new user has to be signed up. A developer who politely asks for the email address of the user later (after registration), is of course allowed.
The subtle point is this: For far too long, emails have been used as a necessary method to get registered. The developers too are vulnerable: Hackers try out the same email address the user happened to use at a weakly protected IT product/service, even at the important IT product/service.
And as a bye-product of having got the email address, users get plastered with unwanted emails. Then users also become clever: They use disposable/temporary email addresses and then never receive an important communication or a discount!
Emails were never meant for this kind of usage! Let us take emails back to its original purpose: of communicating between humans who knew each other; both parties expecting the emails!
Today there are so many other methods to communicate with users: Discord communities, Whatsapp, Telegram, Facebook, etc. So why get into email addresses?
The subtle point is this: For far too long, emails have been used as a necessary method to get registered. The developers too are vulnerable: Hackers try out the same email address the user happened to use at a weakly protected IT product/service, even at the important IT product/service.
And as a bye-product of having got the email address, users get plastered with unwanted emails. Then users also become clever: They use disposable/temporary email addresses and then never receive an important communication or a discount!
Emails were never meant for this kind of usage! Let us take emails back to its original purpose: of communicating between humans who knew each other; both parties expecting the emails!
Today there are so many other methods to communicate with users: Discord communities, Whatsapp, Telegram, Facebook, etc. So why get into email addresses?
How does this work?
As far as a user is concerned, he/she has to just download the LLL-SSS utility specific for that person's OS (We have downloads for Windows and Mac) It does not require any installation. Just unzip and follow the instructions in the READ_FIRST.TXT file
The rest of the magic happens our servers, who pass on information to the correct IT Product/service.
The rest of the magic happens our servers, who pass on information to the correct IT Product/service.
NOTE: The first time you run the LLL-SSS utility, you would need to set a password. You will only be allowed to use with such a password check everytime. Do NOT forget that password.
When you want to register for an IT product/service, you would go to that page which shows a browser code for that particular website of that IT product/service
Copy that browser code into the LLL-SSS utility and press the "Proceed" button. The utility picks up a unique code that is specific to your computer; and sends that to our server. Our server then passes it on to that aforementioned product/service. The rest of the work would be done there. All this happens in seconds.
Many IT Products/Services that use our system will even allow you to reuse the same LLL-SSS utility password you had set. So effectively, you need to remember ONLY one password everywhere.
It is very simple and quite frictionless. You get registered literally in a minute or two with very little work.
Once many IT Products/services start using our system, you would be a lot more clear of the benefits-- as you can get to work on those IT products/services literally in a few minutes. NO confirmation email. No marketing spam in your inbox, etc. You will likely get really high quality trials at such IT products/services. Why? Because they are sure that you will not come again and setup another account with a disposable email address!
Copy that browser code into the LLL-SSS utility and press the "Proceed" button. The utility picks up a unique code that is specific to your computer; and sends that to our server. Our server then passes it on to that aforementioned product/service. The rest of the work would be done there. All this happens in seconds.
Many IT Products/Services that use our system will even allow you to reuse the same LLL-SSS utility password you had set. So effectively, you need to remember ONLY one password everywhere.
It is very simple and quite frictionless. You get registered literally in a minute or two with very little work.
Once many IT Products/services start using our system, you would be a lot more clear of the benefits-- as you can get to work on those IT products/services literally in a few minutes. NO confirmation email. No marketing spam in your inbox, etc. You will likely get really high quality trials at such IT products/services. Why? Because they are sure that you will not come again and setup another account with a disposable email address!
What is the full form of LLL-SSS?
It stands for Limen Leap Labs' Simply Sign-In System. That is quite a mouthful. So LLL-SSS is easier to type!
That's the system that is the motor of this unique way of obtaining registrations at websites/SaaS/apps
SaaS == Software as a Service. For e.g. Gmail is a SaaS product. It is a software that works only inside a browser. But LLL-SSS can be used for all kinds of IT products/services. Not just SaaS.
Do you have LLL-SSS for smartphones/tablets?
Currently no. We may not have one in future either. This may initially sound like a strange decision. But you will get convinced with our explanation:
One core headache we solve is to allow IT Products/services to get genuine, unique users. It is a reasonable assumption that most people generally would have one computer only. They also have mobile devices such as smart phones and tablets. The number of such mobile devices can easily be more than one. For example; many have a tablet as well as a smart phone.
So; if we give LLL-SSS for smart phones/ tablets it would be quite easy for one and the same person to take up 3 accounts.
Then that would dilute the purpose of our LLL-SSS utility; of giving genuine, high quality unique users for IT Products/services.
Another advantage of giving LLL-SSS only for physical computers (Windows and Mac) is that it focuses on serious applications, such as business products and services.
For non-serious applications (like Facebook, etc) the need to have unique users as their members is not a big point anyway.
Note that though the LLL-SSS utility works ONLY on computers currently, the IT Products/services could be mobile apps that work on smartphones/tablets
One core headache we solve is to allow IT Products/services to get genuine, unique users. It is a reasonable assumption that most people generally would have one computer only. They also have mobile devices such as smart phones and tablets. The number of such mobile devices can easily be more than one. For example; many have a tablet as well as a smart phone.
So; if we give LLL-SSS for smart phones/ tablets it would be quite easy for one and the same person to take up 3 accounts.
Then that would dilute the purpose of our LLL-SSS utility; of giving genuine, high quality unique users for IT Products/services.
Another advantage of giving LLL-SSS only for physical computers (Windows and Mac) is that it focuses on serious applications, such as business products and services.
For non-serious applications (like Facebook, etc) the need to have unique users as their members is not a big point anyway.
Note that though the LLL-SSS utility works ONLY on computers currently, the IT Products/services could be mobile apps that work on smartphones/tablets
If you think we need to rethink this strategy; do let us know at admin@limenleap.com and let us hear your point of view too!
Is there a guarantee that LLL-SSS will work?
Let me reword that question: "Will LLL-SSS generate exactly the same code on a computer each time it is used?" After all, it would be that code which would then get used to give an account, right?
The answer is yes; the hardware code our LLL-SSS will pick up will always the same from the same computer -- to almost 100% reliability.
A few years back, LLL-SSS was not possible. Those were the years when the hardware manufacturer were not putting a unique ID on their hardware. This has changed dramatically. All hard-disks, for example; does have a globally unique ID imprinted on them.
Having said that; there may be a few hackers who may find ways to hack into the hardware and/or OS and change the reading that LLL-SSS picks up. We are constantly on the look out to find all possible ways by which our LLL-SSS utility would be cheated of the correct ID from a computer.
The answer is yes; the hardware code our LLL-SSS will pick up will always the same from the same computer -- to almost 100% reliability.
A few years back, LLL-SSS was not possible. Those were the years when the hardware manufacturer were not putting a unique ID on their hardware. This has changed dramatically. All hard-disks, for example; does have a globally unique ID imprinted on them.
Having said that; there may be a few hackers who may find ways to hack into the hardware and/or OS and change the reading that LLL-SSS picks up. We are constantly on the look out to find all possible ways by which our LLL-SSS utility would be cheated of the correct ID from a computer.
The moment we notice that; we will revise the code; and release a new one. At the same time, automatically, our server will reject entries from the earlier versions.
Can this be used for banking/legal applications?
Though we do not have any restrictions from our side; banking and legal applications would need actual identification of their users. Simply Sign In does the opposite: It is for keeping the identity of the person registering totally private . It is possible that after registration, the person may chose to reveal an email address/password to the registered IT Product/service. (Provided they had asked for it) But that is voluntary and cannot be considered as a strict KYC (Know your Customer) process.
In short, if you do see some IT Product/service that claim that they are handling your finance or legal matters using our system, please retain your scepticism and report to us. We would also be quite interested in knowing how they can work without knowing their own customers. The KYC process is an important aspect of such services and with Simply Sign In you can never really know the user, due to the way it protects the privacy of the user
In short, if you do see some IT Product/service that claim that they are handling your finance or legal matters using our system, please retain your scepticism and report to us. We would also be quite interested in knowing how they can work without knowing their own customers. The KYC process is an important aspect of such services and with Simply Sign In you can never really know the user, due to the way it protects the privacy of the user
Where is the user manual?
This FAQ itself is your user manual. It will take just 5-10 minutes of your time to understand this system. Click on the "toggle all" link right at the top, and read the answers to all the questions at one go.
Developers who register with us would get technical documentation from their respective settings page.
Is this a password manager?
No. There are lots of password managers around. This is not one of them. On the other hand, once our method become a standard; the password problem can reduce a lot!
Will my wife/husband/gf/bf/etc use my account?
If your computer is freely accessible to others, then there is a chance that the other person would use the LLL-SSS utility to impersonate you. This is illegal of them to do that; of course. And you are aware of such situations elsewhere too, right? For example; you may be quite sure of protecting your phone very well for the same reason.
Firstly, when you start using the LLL-SSS utility for the first time, you would be prompted to set a password. Next time onwards you would be asked for that password to use it fully.
Firstly, when you start using the LLL-SSS utility for the first time, you would be prompted to set a password. Next time onwards you would be asked for that password to use it fully.
So the obvious precaution is do NOT share that password with anyone else.
Though that is a deterrent -- it may be possible that someone else finds a way to delete that folder and start again.
Though that is a deterrent -- it may be possible that someone else finds a way to delete that folder and start again.
But even then; let us explore what can happen when using our system.
Most developers will use LLL-SSS to only initially register you (i.e. for sign-up) You would be setting your own username and password there. So make sure you do not share that username and password with whoever you think may want to snoop into your account. This is normal precaution which we are sure you must be following anyway.
Now some developers may allow you to recover the password by the same process that is; LLL-SSS will be run again and this time instead of registering; you can do a password reset. This can be attempted by that person who was illegally trying this out.
For those IT products/services where such LLL-SSS based password reset is made, you can ask them to disable that route for resetting the password. Then you will be quite sure that nobody can sneak around and pretend to be you, by using your computer.
For those IT products/services where the LLL-SSS has to be used both for sign-up and sign-ins, you would need to guard your computer the same way you guard your phone
Most developers will use LLL-SSS to only initially register you (i.e. for sign-up) You would be setting your own username and password there. So make sure you do not share that username and password with whoever you think may want to snoop into your account. This is normal precaution which we are sure you must be following anyway.
Now some developers may allow you to recover the password by the same process that is; LLL-SSS will be run again and this time instead of registering; you can do a password reset. This can be attempted by that person who was illegally trying this out.
For those IT products/services where such LLL-SSS based password reset is made, you can ask them to disable that route for resetting the password. Then you will be quite sure that nobody can sneak around and pretend to be you, by using your computer.
For those IT products/services where the LLL-SSS has to be used both for sign-up and sign-ins, you would need to guard your computer the same way you guard your phone
My computer is used by brother/sister. Then what happens?
Since this system assumes that one computer is equivalent to one user, it would mean that all the brothers/sisters would together be considered as one user.
Often, this may not be as big a problem as you may think: If indeed all of you volunteered to share one computer with each other; you also trust them that the others will not misuse it and by convention, you would be respecting each other's privacy.
Often, this may not be as big a problem as you may think: If indeed all of you volunteered to share one computer with each other; you also trust them that the others will not misuse it and by convention, you would be respecting each other's privacy.
Having said that; you must have realized that that computer can get only one registration at each IT product/service that has implemented our system. Also, the LLL-SSS utility has one password that needs to be set. It is your choice to share that password with others who use your computer.
What happens after my computer gets broken?
Many people use a computer all the way till it gets so broken that it cannot be used anymore. This would be between 2 to 5 years on an average from the time of purchase. All the accounts you had taken during that period which required you to set a password will continue to work as before. No issues. Even after the computer has long gone.
Those accounts that specifically required you to use the LLL-SSS utility each time you wanted to sign-up (i.e. where no password was set); well, they would work only on a working computer. Once the computer is broken, such accounts would also be broken. We are assuming that a computer is not something that people would discard in days or weeks or even months -- we believe that is a good enough assumption.
Note that these accounts cannot be picked up by someone else, because in this question, we are specifically talking of computers that stopped working. We have answered elsewhere what you need to do if you happen to give your computer to someone else.
Those accounts that specifically required you to use the LLL-SSS utility each time you wanted to sign-up (i.e. where no password was set); well, they would work only on a working computer. Once the computer is broken, such accounts would also be broken. We are assuming that a computer is not something that people would discard in days or weeks or even months -- we believe that is a good enough assumption.
Note that these accounts cannot be picked up by someone else, because in this question, we are specifically talking of computers that stopped working. We have answered elsewhere what you need to do if you happen to give your computer to someone else.
If the same person uses several computers one after another, what happens?
Each computer is assumed to be one identity. So if you are one of those serial purchasers of a computer. Say, someone who buys a new computer and uses it for 2 years and then buys another one -- In such a case; yes, the same person would be get multiple identities one after another.
So strictly speaking, the IT Product/service where such a person has an account will get multiple accounts from the same person. But this; according to us and also many others, is quite tolerable.
The reason is simple: Such people would take a year or two to discard their previous computer and get another. This situation is definitely not the same as the one person using multiple email addresses and taking multiple identities all on that same day! We have surely solved that problem! (And many others)
So strictly speaking, the IT Product/service where such a person has an account will get multiple accounts from the same person. But this; according to us and also many others, is quite tolerable.
The reason is simple: Such people would take a year or two to discard their previous computer and get another. This situation is definitely not the same as the one person using multiple email addresses and taking multiple identities all on that same day! We have surely solved that problem! (And many others)
Should I delete the LLL-SSS utility after using it?
No harm done if you do delete the utility after you get a registration. As you can always download it later too. But it is a tiny utility and if you have it on your computer, you would be able to easily register at other IT products/services. Of course those that have implemented our system.
Note that when you re-install the utility after deleting ALL the files of the previous version then you would need to set the password again the first time you use the utility.
Note that when you re-install the utility after deleting ALL the files of the previous version then you would need to set the password again the first time you use the utility.
For regular users
Where should I start?
As a regular user, you would need to first download the Simply Sign-in System utility for your own computer. It is a very tiny download. And we have one for both Windows as well as Macs (Links are in the footer)
Simply Sign In is free for end users. Developers also start free and later pay a tiny amount; elastically, as per use.
Simply Sign In is free for end users. Developers also start free and later pay a tiny amount; elastically, as per use.
Why should I run a software on my computer?
It is not a full fledged software. It is just a simple utility that you do not even require to install. Just extract it to some folder on your own computer, read the "README_FIRST.TXT" file and follow the simple instructions.
Because it will pick up a unique ID from your computer and use that to register you. It is just one teeny-weeny code that is available in your computer and it is totally unique to each computer. Nothing else is picked up -- and hence you can get a registration on any website/app which uses our LLL-SSS system without having to give any of your contact details (Email, phone no, etc)
Why should you run it?
Because it will pick up a unique ID from your computer and use that to register you. It is just one teeny-weeny code that is available in your computer and it is totally unique to each computer. Nothing else is picked up -- and hence you can get a registration on any website/app which uses our LLL-SSS system without having to give any of your contact details (Email, phone no, etc)
Can I run the utility on someone else's computer?
Well, if you download the utility and use it on someone else's machine -- it can create a huge headache for you later on. And also to the other person whose computer you used.
Our LLL-SSS utility is meant to be run on your OWN computer.
It picks up the unique ID of your computer and uses that to register you. So please do NOT use this from a computer of an Internet cafe, or some other friend's computer. This creates a problem to that other person too -- because if that person later tries to register, he/she may find that it is not possible to do so as the unique ID was already consumed by you!
I formatted my computer. Will this still work?
Formatting or the regular upgrading of the OS would not affect this process. If you change the main hard-disk of your Windows computer; the Unique ID of your computer would change. This situation happens quite rarely nowadays.
But nevertheless; there is a way out if it does happen: Most of the developers that use our system would also implement a recovery mechanism. Your registration would come with a "recovery code"
If the data you had created at a SaaS application was important to you; you can request the developer to associate the unique ID of your new computer by quoting that recovery code to that SaaS developer.
Does it write anything on my computer?
When it starts for the first time, it will allow you to set a password for the utility. The password is encrypted and stored in the same folder where the zip file was extracted into. Next time onwards you would need to give that password to use the utility.
No other file writing happens.
No other file writing happens.
Do I have to download and use your utility for each registration?
Not at all. Once you download our tiny LLL-SSS utility for your computer, you can use the same one for ALL the registrations you do on the Internet -- of course, those registrations should be integrated with our LLL-SSS system.
There is one exception: We do regularly update this utility; and in case you have an older version, you would be required to download the correct, new version.
The very fact that the LLL-SSS is already available with a user, would make this potentially attractive to other developers who want to integrate our LLL-SSS for their registrations. We hope everyone would use this, and solve a lot of problems for all developers and users.
Why can't I change my username of my account?
Some systems that use the LLL-SSS will NOT allow changing your username. This is usually done so that other users using the same app/SaaS/website do not get confused and think that there is a new user who has now signed up. This is often important in apps/SaaS/websites that are dependent on authentic information from their users in their community. For example in social network apps, or commenting systems where credibility is important.
But this is not mandated by us. Our developers may implement a system where even the username itself could also be reset.
But this is not mandated by us. Our developers may implement a system where even the username itself could also be reset.
Can I use the same password everywhere?
Ideally you should not use the same password everywhere. Not because of our system, but as a general safety precaution.
If any IT product/service developer uses LLL-SSS system for registering you and give you usernames and passwords at their server, you should exercise the same precaution as seen in other conventional websites.
Having said that, LLL-SSS actually does allow you to use the same password that you had set initially for your utility. This is done thru some very clever coding which ensures that the developer never gets the plain text version of your password (during registration) and instead is given a "hashed" version. If you use this route, you would need to remember that utility's password you had set. But then it is just that ONE password at ALL the places which accepts LLL-SSS
If any IT product/service developer uses LLL-SSS system for registering you and give you usernames and passwords at their server, you should exercise the same precaution as seen in other conventional websites.
Having said that, LLL-SSS actually does allow you to use the same password that you had set initially for your utility. This is done thru some very clever coding which ensures that the developer never gets the plain text version of your password (during registration) and instead is given a "hashed" version. If you use this route, you would need to remember that utility's password you had set. But then it is just that ONE password at ALL the places which accepts LLL-SSS
If you do want to use the same password; make sure that the username you choose is quite different at each place where LLL-SSS is implemented.
But LLL-SSS may be used by developers for totally password-less access too. In those websites, you would need to start the LLL-SSS utility on your computer and go thru that simple process of entering a browser code, etc each time. In such cases you don't have to do any setting of username/password etc at all. You are simply recognized as you because you started the LLL-SSS from the same computer all the time!
How to prevent the other person I sold my computer to, from using my credentials?
When you use the Simply Sign In System on your computer, nothing is ever written on your own computer on where you had registered.
But if you want to be sure that the other person may not accidentally use the LLL-SSS on a previous account of yours, then you should go to each of the places where you had created the account and ask them to delete your data there. So that in case the same computer gets used once again, the other person will have to start afresh.
Can I use this on my company provided laptop?
Usually organizations do not allow their laptops to download and install external apps. Please check with your superior in your office.
But there is another point here: If you are indeed a manager/owner/decision maker of an office, it is actually a good idea to select those apps/SaaS/etc on the net which uses our system. Then you can ask your office workers to sign-up for those services using our system.
One major advantage for you is that when an office worker leaves, the same laptop can be given to someone else who picks up the same role -- and all the services continue as before!
One major advantage for you is that when an office worker leaves, the same laptop can be given to someone else who picks up the same role -- and all the services continue as before!
Can I use this to sign-up into my company intranet?
Yes. That is a very good use case. For example; a system admin of your intranet can integrate our LLL-SSS to sign-up/sign-in into the intranet wiki. See the answer to the previous question.
For developers
I am a developer. Where do I start?
As a developer, you also need to download the Simple SIgn-in System (LLL-SSS) utility and use that to register yourself as a developer who uses our system.
In one way, you would get faith in what we are doing here. The workflow on how you get registered would be similar to what your own users would experience.
Once you sign-up, you will be able to access the settings page. That page has all the required forms for you to setup any number of webhook endpoints at your server, to receive data from our server; in order for your users to sign-up. You will also get a link to download a ZIP file which has all the tech docs and sample code to get you going.
Where can a developer use this?
Are you a developer of a SaaS product? A mobile app? A website, that is behind a paywall? In fact any protected usage of the Internet which requires a registration ... all of them can take benefit from our LLL-SSS
The only IT product/service that may not benefit from Simply Sign In would be those which need a strict Know Your Customer (KYC) process -- such as banking and legal products/services. Though our security of our system is top class, the main objective is to protect the privacy of the end user -- and it is because of that our system may not be suitable for such KYC dependent IT products/services.
The only IT product/service that may not benefit from Simply Sign In would be those which need a strict Know Your Customer (KYC) process -- such as banking and legal products/services. Though our security of our system is top class, the main objective is to protect the privacy of the end user -- and it is because of that our system may not be suitable for such KYC dependent IT products/services.
Once you register as a developer here, you will be given a settings page. Just enter an endpoint that you have created on your own server; which will receive the POST https request from our server. The settings page has all the documentation you need to get this going in any computer language of your choosing.
It should take you maybe a couple of hours at most to get the registration system going on your website (excluding the beautification of your site, which would all be dependent on you; of course)
It should take you maybe a couple of hours at most to get the registration system going on your website (excluding the beautification of your site, which would all be dependent on you; of course)
You can create any number of such endpoints. One for each of the website/app/SaaS that you want to handle the registrations for!
You would get a certain number of registrations free for each endpoint (See the Pricing section on this FAQ for the latest information)
You would get a certain number of registrations free for each endpoint (See the Pricing section on this FAQ for the latest information)
Do I need to implement two-factor authorization?
Usually no.
Simply-sign in is already a 2 factor system (But if you can always implement one additionally if you want)
Let us explain.
To understand the meaning of what 2 factor is, let us understand the "two" factors that make it strong.
Two factor provides answer to two questions:
a) What you know? (Knowledge factor) For example; a password; a code, etc
b) What you own? (Possession factor) For example; your computer, a physical debit card, etc.
If a system gets answers and are convinced that both the questions are answered by the same person; it is pretty good authentication!
Often many website asks for only one factor (the knowledge factor) which is the username+password combo. But that can sometimes be stolen by someone else. Hence many website want to be convinced whether you have something in your possession which only you have. That is why a debit card is issued. The card itself is your "possession" and the PIN (password) of that card is the "knowledge factor"
Often many website asks for only one factor (the knowledge factor) which is the username+password combo. But that can sometimes be stolen by someone else. Hence many website want to be convinced whether you have something in your possession which only you have. That is why a debit card is issued. The card itself is your "possession" and the PIN (password) of that card is the "knowledge factor"
In our case, the computer from where a user creates an account is the "possession factor" and the fact that you could write down the same code that was displayed in your browser at the same time is the "knowledge factor" it automatically becomes quite a powerful 2 factor authentication system!
But like we said before; if you want you can still implement another factor such as sending an SMS with a code to your phone etc.
One good reason for additionally implementing a conventional TOTP (time based OTP) using apps like Google Auth or FreeOTP, would be when you use our system ONLY for the initial registration but for subsequent logins, the user uses the username and password that was set. But even if we don't, since the initial registration itself was so strong, it may not be required. But your opinion may differ and we respect that.
If you are using LLL-SSS both for sign-ups as well as sign-ins then surely you do not need another 2 factor system!
One good reason for additionally implementing a conventional TOTP (time based OTP) using apps like Google Auth or FreeOTP, would be when you use our system ONLY for the initial registration but for subsequent logins, the user uses the username and password that was set. But even if we don't, since the initial registration itself was so strong, it may not be required. But your opinion may differ and we respect that.
If you are using LLL-SSS both for sign-ups as well as sign-ins then surely you do not need another 2 factor system!
Can it be used to protect code?
No. The function of LLL-SSS is simply to help developers get unique members for their app/SaaS/website. It has no other capabilities. It cannot do anything it was not meant for, including (but not exclusive to) protecting your source code. Or copy-protect your software: Sorry it does not do none of that!
Can I use it along with other forms of sign-ups?
Technically you could. But then you would not be really utilizing the advantages this system gives. The moment a user has multiple ways of registering, you can get the same person taking multiple accounts on your server.
I already have a sign-up+sign-in system in my IT product. Can I switch to this?
Broadly speaking, the answer is yes. But each software developer's situation would be different. So kindly email us at admin@limenleap.com and fix up an e-meeting and we will help you.
My work is quite private. I do not want to reveal my id to you. Is this possible?
Yes. As it is, we sign-up developers using our own LLL-SSS utility and that does NOT ask for any contact information about you. (You can volunteer that information, if you so wish in the settings page. But that's optional)
If you do not want to reveal who you are; you need not provide your contacts in the settings page. Also, you can give an http:// endpoint with an IP address instead of an https:// endpoint; so we do not know which product/service you are running.
But please do ensure that you are following our terms of service (listed in the FAQ under "legals")
If you do not want to reveal who you are; you need not provide your contacts in the settings page. Also, you can give an http:// endpoint with an IP address instead of an https:// endpoint; so we do not know which product/service you are running.
But please do ensure that you are following our terms of service (listed in the FAQ under "legals")
Can I use it as a substitute for OAuth?
No. If you want to implement OAuth at your server, you would have to do that coding yourself. This is NOT a substitute for OAuth. One common misunderstanding about OAuth is that it is an authentication mechanism. It is actually not. It was meant to authorize a legal user to allow a 3rd party to access a persons data in that person's account, without the person having to share its password.
Simply Sign-In is an authentication system. It proves that you do exist as a unique human when you use IT Products/Services.
LLL-SSS is NOT an authorisation system.
Simply Sign-In is an authentication system. It proves that you do exist as a unique human when you use IT Products/Services.
LLL-SSS is NOT an authorisation system.
Can I distribute the LLL-SSS utility on my website?
No. We keep improving and tweaking this utility. So everyone must download this free utility from our website ONLY. You may however feel free to mention the links in your documentation/website/etc.
I need my users' email addresses too! LLL-SSS does not collect them. How do I get the emails?
What we said is that for our system to work, it does NOT require any personal information (including email address, phone no, etc) But that does not mean that we restrict you!
As a developer you can decide whether you want to further ask details like the user's email address. It is all up to you and how you think your business should be run. You can add your additional requirements when your user signs-up.
As a developer you can decide whether you want to further ask details like the user's email address. It is all up to you and how you think your business should be run. You can add your additional requirements when your user signs-up.
We do not restrict any developer on the kind of information the developer wants from the user when the user signs-up
Can this be used for serverless and/or distributed systems?
Though we welcome all usage, the LLL-SSS system is particularly suited for a "hub-and-spokes" model. The "hub" is the server which is handling the data and providing the app/SaaS/functions for the user. And users are at the end of the spokes from that hub.
But we do have another product which can be used to authenticate users who are in a serverless, distributed network. See https://homing.space
But we do have another product which can be used to authenticate users who are in a serverless, distributed network. See https://homing.space
Can this be used for registering users AFTER they pay?
It works best when you allow everyone to register on your website/app/SaaS without any friction. That means, ideally do not put any pre-condition on the user.
But if you want your user to pay you first, before you give that person an account; you can create that work flow also. It would go along these lines:
- The user pays. Ask him/her to get hold of a proof of the payment (payment ID from the payment gateway would be a good candidate)
- Use the LLL-SSS system as usual, and when the user reaches your registration page; ask that person to supply the payment proof
- Once the payment proof was given, then that particular user is given an account
Note that in this process, the anonymity of the user is lost: The developer would come to know who that person was. I guess, in some situations, this kind of workflow is also needed.
So the short answer is: Yes, you can use LLL-SSS in this fashion!
So the short answer is: Yes, you can use LLL-SSS in this fashion!
Comparison
Is this part of the FIDO alliance?
No. Our goals are different from FIDO. In our case, we strongly believe that there many IT products/services out there which are highly private and they do want to respect the privacy of the end users. Yet, at the same time, they do not want any end users to create multiple accounts under assumed identities (the way it happens with email addresses) FIDO authentication don't particularly care if the person takes multiple accounts from multiple devices. Say, the same person has a mobile phone, a tablet and a computer -- then that person can get 3 accounts at the same time.
Also, FIDO strongly dependents on gadgets such as a finger print reader, etc on the computer.
Having said that, we have some similarities. We also use high quality cryptography hashing techniques. We also prevent linking accounts. That means if you take an account on one IT Prooduct A, and later on another account at an IT Service B; the developers of A and B cannot exchange notes with one another and come to know that both have accounts from the same person.
Also, FIDO strongly dependents on gadgets such as a finger print reader, etc on the computer.
Having said that, we have some similarities. We also use high quality cryptography hashing techniques. We also prevent linking accounts. That means if you take an account on one IT Prooduct A, and later on another account at an IT Service B; the developers of A and B cannot exchange notes with one another and come to know that both have accounts from the same person.
Is this same as Auth0, loginRadius, etc?
No. We are quite different. Auth0, etc simplify authentication code but are not concentrating on the goals that we think are important: Privacy of the user and the fact that sock-puppet accounts cannot be easily created by end users
Pricing
Do you offer a trial to developers, yourself?
The first 500 calls to your incoming webhook are free of cost, as a trial. The trial is for the entire account and not as per the webhook endpoints. So if you are using this for 5 products of yours, then totally you would be given 500 calls free.
So yes, we take our own medicine.The trial has no expiry date. So you, as a developer, can try all this out at your leisure!
That is the same advantage that developers can pass on to your own users. (to put it simply: You can confidently give trials on your IT product/service which has no expiry period)
How much does this cost?
This answer is ONLY relevant for developers who have implemented our system on their server. If you are regular user; you have absolutely no costs for using our LLL-SSS system.
IF you are a developer, read on...
We do not charge any amount upfront. Registration of a developer to start using the system is totally free.
Once your users start using our LLL-SSS to sign-up or sign-in for your product/service, we charge a tiny amount for each call made to your server's incoming webhook endpoint (after the free trial of course. See the previous question about the free trials)
The charges are just Re 1 (One Indian Rupee) per call we make to your incoming webhook endpoint. The charges are accounted in our internal currency called "Koyns", One Koyn = 1/100th of an Indian Rupee (or 1 Paise) so the charges per call we make to your endpoint would be 100 Koyns.
Koyns can be purchased from our payment gateway virtually in any fiat currency. (USD, Euro, etc)
Koyns can be purchased from our payment gateway virtually in any fiat currency. (USD, Euro, etc)
How does the cost add up over time?
If the developer uses this service to do only sign-ups and not sign-ins then the total cost to the developer would be low. Usually this is done if you want to just use the LLL-SSS to register the user.
After the first time the user creates an account, the user would sign-in directly at your website/SaaS/app without having to use the LLL-SSS utility.
After the first time the user creates an account, the user would sign-in directly at your website/SaaS/app without having to use the LLL-SSS utility.
Note that the user may sometimes stop short of actually creating an account at your site. Unfortunately, all that is happening on your website so our server will not come to know.
Hence the form you create at your server to ensure that the user does register should be attractive and fast! Else in a few cases, you may incur more costs as our server will keep deducting the charges from your account, as per a successful call to your endpoint. It is technologically infeasible to know which of your users have registered. We can't know.
2nd method of sign-in
The method described above is not the only way you can use our system.
You can make the user use the LLL-SSS utility each and every time the user enters your app/website/SaaS. This can be useful when you want to be quite sure that it is always the same user with the same computer who is using what you have to offer.
You can make the user use the LLL-SSS utility each and every time the user enters your app/website/SaaS. This can be useful when you want to be quite sure that it is always the same user with the same computer who is using what you have to offer.
The eventual cost that a developer would incur in such a case would be larger; as we would charge Re 1 for each call we make to your incoming webhook.
But the major advantage that developers have is that the coding needed to handle such sign-in is very low; as no database of the user is needed. The hashed Device-ID we pass on to identify a user is good enough!
This is also highly privacy protected (as the developer does not need any contact details) and a new user can get to work with the new account practically immediately.
But how can I pay such tiny amounts?
Good question! It is cumbersome to keep paying a tiny amount for each sign-up/sign-in of your users, individually.
What we request you to do is to top-up your account with a certain number of Koyns. "Koyns" are our internal currency that we use in all our solutions. Buy them from our payment gateway.
Our system will keep deducting the right amount from your account credit balance. Once you run out of balance, you would surely come to know -- as your users would not be able to sign-up/sign-in You can reacharge your account in minutes. Just buy another lot of koyns from our payment gateway, and deposit those into your account. It's just a matter of few minutes.
Can I get a referral discount?
Yes, we are implementing one very soon.
On your dashboard; you will notice a special referral code that uniquely identifies you. If you get anyone else to register as a developer here using that link; your incentive is practically assured. It works as follows:
On your dashboard; you will notice a special referral code that uniquely identifies you. If you get anyone else to register as a developer here using that link; your incentive is practically assured. It works as follows:
Once that person starts paying for the sign-up/sign-ins (i.e after that person's trial API invocations are over) then you will be immediately given another 200 webhook invocations free of cost. This happens only once per referral, provided that person has paid more than the cost of those 200 webhook invocations.
We may stop/pause this referral scheme at sometime. But even if we do, it is in your interest to ask other developers also to use Simply Sign-in! Why so? Because their users can also easily become your users too! Your membership will grow viral!
Do you give coupons?
Occasionally, we do give out coupons. You can provide the coupon code when we you deposit some Koyns in your account. These coupons can be obtained by chatting with us on a case-to-case basis. Please read all the terms and conditions of such coupons before using them.
Will my webhook be called unnecessarily, and increase my bill?
Of course not.
Our server actually calls your webhook twice; for a 2 step procedure. In the first step, you get a chance to do some sanity checks and if all those checks are passed; you return "OK" back to our server. If you do not return "OK" we do NOT do the second step at all. And is in the 2nd step, that the hashed Device ID is passed to you.
We charge developers, ONLY for the 2nd step. So you have nothing to worry!
You can easily implement a log at your end, and check how many times our server calls your incoming webhook endpoint.
We have also implemented a "timeout" mechanism, to prevent any of your user repeatedly using the LLL-SSS utility to keep sending data to you, via our server.
This is how it works:
When your server sends a message to the user (with our server as a middle-man), just attach a timeout in millisecond in front of the message, delimited by the pipe character. The user's LLL-SSS utility will wait for the timeout to be over, before the "Proceed" button is again available for clicking. If you think a user maybe able to send some spurious message without our utility, we have fair amount of checks at our server -- so all those calls are anyway blocked by us!
Our server actually calls your webhook twice; for a 2 step procedure. In the first step, you get a chance to do some sanity checks and if all those checks are passed; you return "OK" back to our server. If you do not return "OK" we do NOT do the second step at all. And is in the 2nd step, that the hashed Device ID is passed to you.
We charge developers, ONLY for the 2nd step. So you have nothing to worry!
You can easily implement a log at your end, and check how many times our server calls your incoming webhook endpoint.
We have also implemented a "timeout" mechanism, to prevent any of your user repeatedly using the LLL-SSS utility to keep sending data to you, via our server.
This is how it works:
When your server sends a message to the user (with our server as a middle-man), just attach a timeout in millisecond in front of the message, delimited by the pipe character. The user's LLL-SSS utility will wait for the timeout to be over, before the "Proceed" button is again available for clicking. If you think a user maybe able to send some spurious message without our utility, we have fair amount of checks at our server -- so all those calls are anyway blocked by us!
In short, you have absolutely no worries: The webhook you implement would be called by our server purely for official reasons only! And you have full control to handle mischievous users who want to keep clicking the "Proceed" button on the LLL-SSS utility
Security
What security advantage does this give?
Not having to store email addresses of users is a HUGE advantage for a developer. And in turn, the users also get peace of mind as hackers cannot really get to the data they are generating/using on that developer's server.
Conventionally, all developers were using a pair of value for each user -- which is the email address and the user's password. Granted the password is kept "hashed" on the server. But there are countless users who use the same password + email combo wherever they register.
Why so?
Conventionally, all developers were using a pair of value for each user -- which is the email address and the user's password. Granted the password is kept "hashed" on the server. But there are countless users who use the same password + email combo wherever they register.
Such users may have registered for an IT product/service which was quite weakly protected. So the clever; yet nasty hacker, would get the user's credentials from that weak website and then use it at the more important server the user had registered into.
This is totally avoided when using LLL-SSS; because it simply does not follow the conventional route. If ever a hacker gets into the server, they will not know how to correlate the data from the weak website with this one which uses LLL-SSS!
This is totally avoided when using LLL-SSS; because it simply does not follow the conventional route. If ever a hacker gets into the server, they will not know how to correlate the data from the weak website with this one which uses LLL-SSS!
What if someone hacks your utility?
Technologically, it is very difficult for a hacker to impersonate someone else because he/she studied our LLL-SSS utility deeply. That is almost completely ruled out.
But, there is another possibility that we do consider: That someone hacks so deeply into our utility that he/she can create multiple Device IDs from one and the same computer,
But, there is another possibility that we do consider: That someone hacks so deeply into our utility that he/she can create multiple Device IDs from one and the same computer,
If it does happen, it will NOT be worse than someone using multiple email addresses to get multiple accounts at one website/app/SaaS.
However, that does not mean we will sit pretty on that thought.
Instead, we would be constantly tweaking and releasing newer versions of our utility. The earlier one would be "retired" i.e. if by chance someone uses the previous version, we would gently request them to use the newer one. So the hacker will now need to hack the next version too... The task is surely not trivial.
This is one main reason why we do not allow anyone else to distribute our LLL-SSS utility. The utility MUST be downloaded from our website only. If you want, you can give a link to it in your registration page.
Request to developers
If you find that you suddenly got a lot of registrations from the same IP address; you should consider if those people were using the same LAN with one external IP address, or if someone managed to get the utility to fake the device IDs. In the latter case, please let us know at admin@limenleap.com
Instead, we would be constantly tweaking and releasing newer versions of our utility. The earlier one would be "retired" i.e. if by chance someone uses the previous version, we would gently request them to use the newer one. So the hacker will now need to hack the next version too... The task is surely not trivial.
This is one main reason why we do not allow anyone else to distribute our LLL-SSS utility. The utility MUST be downloaded from our website only. If you want, you can give a link to it in your registration page.
Request to developers
If you find that you suddenly got a lot of registrations from the same IP address; you should consider if those people were using the same LAN with one external IP address, or if someone managed to get the utility to fake the device IDs. In the latter case, please let us know at admin@limenleap.com
Legal
Will this give me a virus?
Absolutely not. If we were virus writers, we would be laughably the silliest one to cook up such a round-about way!.
If you sign an NDA with us, we will be glad to share a screen-share walk-through of what the LLL-SSS utility does.
If you sign an NDA with us, we will be glad to share a screen-share walk-through of what the LLL-SSS utility does.
What are the terms of use?
Regular Users:
For regular users, we do not impose any legal pre-conditions. We are merely a "pass-through" which allows users to do a sign-up/sign-in on some IT product or service using our downloadable LLL-SSS utility. So all such users need to follow up with that entity responsible for that IT product/service and agree to their legal and privacy requirements.
For regular users, we do not impose any legal pre-conditions. We are merely a "pass-through" which allows users to do a sign-up/sign-in on some IT product or service using our downloadable LLL-SSS utility. So all such users need to follow up with that entity responsible for that IT product/service and agree to their legal and privacy requirements.
Developers:
For those developers who implement this Simply Sign-In System, you would need to take an account with us. You will have to ensure that whatever you do using our system, are permitted by the IT Act of 2000 from India. It is quite clear on what can be done and what cannot be.
Having said that; as your connection with us is only for obtaining sign-ups for your own offering, there is hardly anything that can be done on our server, which can be construed to be illegal. But please do consult your lawyer for the correct interpretation.
For those developers who implement this Simply Sign-In System, you would need to take an account with us. You will have to ensure that whatever you do using our system, are permitted by the IT Act of 2000 from India. It is quite clear on what can be done and what cannot be.
Having said that; as your connection with us is only for obtaining sign-ups for your own offering, there is hardly anything that can be done on our server, which can be construed to be illegal. But please do consult your lawyer for the correct interpretation.
CAVEATS:
We do NOT provide any warranties to anyone. We do NOT accept any liabilities. Reverse engineering of our utility is not allowed. We do NOT offer refunds. Our system cannot be made part of any other system, or copied our used for any other purpose other than what is intended; without our explicit written permission.
This work is entirely copyrighted by Sabu Francis, son of VV Francis, Navi Mumbai, India. All rights are reserved (2021)
This work is entirely copyrighted by Sabu Francis, son of VV Francis, Navi Mumbai, India. All rights are reserved (2021)
What is your privacy policy?
We wrote this because we truly believe in safeguarding the privacy of our users. We do NOT indulge in email marketing. We do not have any cookies on our website.
We do not have any "cookie" or other mechanism in the downloadable LLL-SSS utility. That utility only gives us a unique ID from your computer. As far as we know, this is a machine generated code created by the hardware manufacturer of your computer. It is the tiniest bit of information about you, which does not affect your social or personal life as far as we know. It is the most genial way to ensure our system allows you to prove yourself as an authentic person for developer's IT products/services who use our system.
We do not have any "cookie" or other mechanism in the downloadable LLL-SSS utility. That utility only gives us a unique ID from your computer. As far as we know, this is a machine generated code created by the hardware manufacturer of your computer. It is the tiniest bit of information about you, which does not affect your social or personal life as far as we know. It is the most genial way to ensure our system allows you to prove yourself as an authentic person for developer's IT products/services who use our system.
We do use some analytical tools and possibly a 3rd party system to provide live chat, help etc. Those can deposit and use cookies and other mechanism for their functioning.
We may start a newsletter through a third party service and again that may require you to reveal your email address, etc. But it is totally voluntary and you can always opt-out.
We may start a newsletter through a third party service and again that may require you to reveal your email address, etc. But it is totally voluntary and you can always opt-out.
If you are a developer who uses our Simply Sign-In System for its intended purpose, we may need more information about you which is asked up front, and which you have to knowingly volunteer. No surprises there! It is NOT a sneaky way of getting your information.
The sign-up and sign-in system we use for our own users (i.e. developers using the system) uses the developers own LocalStorage of the browser to store credentials of those who login. No cookies are used so we cannot track you using cookie technology. LocalStorage data cannot be tracked across domains anyway.
For developers using our system; we have a mechanism for totally deleting your data. All data that you provide are transparently available in the settings page.
For regular users who use our system to gain access to IT products/services, please go through the privacy policy of those IT products/services before registering there. It is not technologically feasible to control our developers regarding such matters.
The sign-up and sign-in system we use for our own users (i.e. developers using the system) uses the developers own LocalStorage of the browser to store credentials of those who login. No cookies are used so we cannot track you using cookie technology. LocalStorage data cannot be tracked across domains anyway.
For developers using our system; we have a mechanism for totally deleting your data. All data that you provide are transparently available in the settings page.
For regular users who use our system to gain access to IT products/services, please go through the privacy policy of those IT products/services before registering there. It is not technologically feasible to control our developers regarding such matters.
Important note about LLL-SSS password
When you run the LLL-SSS utility for the first time, you would be asked to set a password. Then each time you run the utility, it would request you to enter the same password before you really start using the utility. It will check the password each time. Remember the password well, as there is NO recovery method available!
This password can be used as the default password in several IT products/services that has implemented the LLL-SSS system. That means, you can work on many different IT products/services by using the same password. (The username would be set manually, of course, in those products/services)
Once you request an IT Product/service to use this password you had set for this LLL-SSS utility, that product/service would use your current password of this utility. If for some reason, you change this utility's password on your computer at a future point in time do not expect the IT product/service to also change the password. Over there, the password will remain as before. Of course, you should be able to change the password there too but you need to do that separately -- it does not happen automatically just because you changed your LLL-SSS utility's password on your computer.
If you do want to change the LLL-SSS utility password, you would need to delete the file lll-sss.pwd from the folder where the executable of this utility is located. Then it will ask you to set another password once again (next time when you run it)
If you got surprised by the fact that the utility again requested you to set a password, or the password was not what you had set earlier; it could mean that some unauthorized person may have tried to re-install the utility and/or have deleted the password without your knowledge. You should then immediately investigate who had accessed your computer without your knowledge!