Why do we require login?

Why Do We Require Login for Interactive Resources?

We ask you to sign in when you want to set up notifications, save preferences, or access more advanced features. This requirement:

• Prevents Abuse: Authenticating users reduces spam and ensures our servers aren’t overloaded by automated or malicious requests.
• Controls Costs: Providing interactive features (like configurable alerts) requires more resources than simply displaying public information. Authentication helps us deliver reliable services without incurring unsustainable expenses.
• Enhances Reliability: By knowing which notifications go to which user, we can maintain a stable and secure environment for everyone.

Minimal Personal Data: We only store the essentials—your name, email address, and an anonymous token. This ensures we can contact you (e.g., if a notification fails to deliver) without holding unnecessary personal details.

Email & One-Time Code (OTC)

We understand not everyone wants to link social media or other accounts. Our Email + OTC sign-in option lets you log in without a password:

1. Enter Your Email
2. Receive a One-Time Code in your inbox
3. Access Your Account by entering that code This process is both secure and password-free, reducing the risks associated with traditional email-password setups (like password reuse or data breaches).

OAuth2 Login

We still offer OAuth2 authentication through Facebook, Microsoft, Google, and Apple because it’s a fast, secure, and user-friendly way to log in. It also reduces spam and unauthorised access by leveraging the robust security infrastructures of these platforms.

• No Extra Passwords to remember—just one click if you’re already logged in.
• Enhanced Privacy & Security: Passwords aren’t stored on our servers, minimising risk.
• Trusted Infrastructure: These large providers have strong security measures in place, helping keep your account safe.

Concerned About Big-Tech Tracking?

OAuth2 focuses on authentication, not surveillance. We don’t send your usage data to these platforms. Instead, we use their services to verify that “you are who you say you are,” so that we can offer you personalised notifications and settings.

Will You Support Other Services or Methods?

• Strong Authentication: We plan to expand our secure options (like hardware tokens or other modern auth methods) but won’t support traditional email-password logins. Password-based systems are inherently risky and can compromise user security.
• Enterprise & Government Partnerships: For large-scale deployments—such as a government agency wanting to provide zero-login experiences to end users—our Bushfire.io Cloud or Enterprise offerings can be configured accordingly. These are custom, contract-based solutions, since we can’t sustainably provide every feature for free at massive scale.

We’re committed to protecting your privacy, minimising data collection, and offering secure, user-friendly ways to access our services. Whether you choose Email + OTC or OAuth2, rest assured that our aim is to provide timely and reliable disaster intelligence while respecting your data and simplifying your experience.

Having trouble logging in?

Check out our troubleshooting guide here.

Need more info or have a special requirement? Reach out at [email protected]. We’re always open to feedback and are continuously refining our authentication options to balance ease of use with robust security.