It is our passwordless policy that is the most visible aspect of our security.
You do not need a password to log in to Sam9000.
Instead, whenever you log in, Sam sends you an email with a one-time access code.
See the definition on Wikipedia:
"A one-time password (OTP), also known as one-time PIN or dynamic password, is a password that is valid for only one login session or transaction, on a computer system or other digital device. OTPs avoid a number of shortcomings that are associated with traditional (static) password-based authentication".
This system, with a one-time password sent by email and never stored permanently, is the most secure method to access a service without a costly physical key device.
This is by design. Passwords are the reason you often hear about major hacked websites and services.
From Yahoo to Equifax, Adobe or Sony, data breaches are alarming. Here is a list of breaches to put it in perspective.
For this to work seamlessly, make sure Sam's emails do not go to your junk/spam folder. A good way to make sure you see them is to add firstname.lastname@example.org as a contact in your email software.
Each email access code is unique and works for a limited period of time only. After a few minutes, we destroy it and you will need another code to log in.
The email access is the real authentication for Sam.
What do we mean by "personal or safe device"?
We want you to specify if the device you are using to access your account is secure enough.
If it is, we simplify login so it is faster and more convenient.
In "public or non secure mode", Sam will ask you for your email access code every time. This is super safe, but also a bit inconvenient if you know your machine is already protected by a password, or you are using a smartphone with fingerprint unlock, for example.
In this case, you should use the "personal or safe device" setting. Sam will ask you only from time to time, on average once a week, to log in with an OTP, a one-time code sent by email.
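The code lifetime and the two device modes described above, as an added Python sketch that is not Sam9000's own code. The class and function names, the 6-digit code, the 5-minute lifetime, the 7-day re-check and the attempt cap are all assumptions made for the illustration.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 5 * 60             # assumption: "a few minutes"
TRUSTED_TTL = 7 * 24 * 3600   # assumption: "on average once a week"
MAX_ATTEMPTS = 5              # assumption: guess limit, not stated on the page

class OtpLogin:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}    # email -> [salt, digest, expires_at, attempts_left]
        self._trusted = {}    # (email, device_id) -> time of last code login

    def issue(self, email):
        """Create a fresh code; only a salted hash is kept, never the code."""
        code = f"{secrets.randbelow(10**6):06d}"
        salt = secrets.token_bytes(16)
        digest = hashlib.sha256(salt + code.encode()).digest()
        # Issuing a new code replaces any older one for the same address.
        self._pending[email] = [salt, digest, self._clock() + CODE_TTL, MAX_ATTEMPTS]
        return code           # handed to the mailer, then forgotten

    def verify(self, email, code, device_id=None, safe_device=False):
        entry = self._pending.get(email)
        if entry is None:
            return False
        salt, digest, expires_at, attempts_left = entry
        if self._clock() >= expires_at or attempts_left <= 0:
            del self._pending[email]          # expired or exhausted: destroy it
            return False
        entry[3] -= 1                         # count this guess
        candidate = hashlib.sha256(salt + code.encode()).digest()
        if not hmac.compare_digest(candidate, digest):   # constant-time compare
            return False
        del self._pending[email]              # one-time: a used code is destroyed
        if safe_device and device_id:
            # device_id is assumed to be an unguessable per-device token
            self._trusted[(email, device_id)] = self._clock()
        return True

    def needs_code(self, email, device_id):
        """Public devices always need a code; safe devices about once a week."""
        last = self._trusted.get((email, device_id))
        return last is None or self._clock() - last >= TRUSTED_TTL
```

The short lifetime and the attempt cap are what limit guessing of a 6-digit code; the hash only keeps the clear code out of storage.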