Dear Community,


We have made changes to our authentication system, to make it stronger and safer, and we want to share our updates with you.

From now on, Aptoide will no longer require a username and password for those who wish to log in or sign up. This means that users won’t have to create and remember passwords, or have them stored in the database.

Instead, each time a user wants to log in or sign up, they will be asked to enter their email address and will immediately receive a magic link via email. To complete the login or sign-up process, users will need to click on the magic link, which will take them back to the Aptoide app.

Since this is a passwordless authentication system, if the user logs out of Aptoide, they will need to ask for a new magic link to be able to log in again.
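The magic-link flow described above, shown as an added example that is not Aptoide's code: a server issues a random single-use token, keeps only its digest, and rejects expired or replayed links. The token size, 15-minute lifetime, URL, in-memory store, opaque `account_id` and all function names are assumptions, since the announcement does not specify them.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; the announcement does not state one

# Hypothetical in-memory stand-in for a database table:
# sha256(token) -> {"account_id": ..., "expires": ..., "used": ...}
pending_tokens = {}


def token_digest(token):
    """Digest stored server-side so a database leak does not expose usable links."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_magic_link(account_id, now=None,
                     base_url="https://app.example.invalid/login"):
    """Create a one-time login link; the caller emails it to the user."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    pending_tokens[token_digest(token)] = {
        "account_id": account_id,
        "expires": now + TOKEN_TTL_SECONDS,
        "used": False,
    }
    return f"{base_url}?token={token}"


def redeem_magic_link(token, now=None):
    """Return the account the token was issued for, or None if it is rejected."""
    now = time.time() if now is None else now
    record = pending_tokens.get(token_digest(token))
    if record is None:
        return None  # unknown or tampered token
    if record["used"] or now > record["expires"]:
        return None  # replayed or expired link
    record["used"] = True  # single use: clicking the same link again fails
    return record["account_id"]


if __name__ == "__main__":
    link = issue_magic_link("acct-1001")  # constructed sample account id
    tok = link.split("token=", 1)[1]
    print(redeem_magic_link(tok))  # first click succeeds
    print(redeem_magic_link(tok))  # second click is rejected
```
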

With the new security changes, the only thing that will be stored in the database is a hash of the user’s email address. This hash will use bcrypt. The bcrypt hashing function incorporates a salt and is highly resistant to brute-force search attacks.

Logins through Facebook or Google accounts will continue to be available. However, the email address or ID returned by external authentication will also be stored hashed with bcrypt.