Our passwordless policy is the most visible aspect of our security. You do not need a password to log in to Sam9000. Instead, whenever you log in, Sam sends you an email with a one-time access code. This system, with a one-time password sent by email and never stored permanently, is the most secure method to access a service without a costly physical key device.

This is by design. Passwords are the reason you often hear about major hacked websites and services. From Yahoo to Equifax, Adobe or Sony, data breaches are alarming. Here is a list of breaches to put it in perspective.

For this to work, you should make sure Sam's emails do not go to your junk/spam folder. A good way to make sure you see them is to add support@sam9000.com as a contact in your email software.

Each email access code is unique and will work for a limited period of time only. After a few minutes, we destroy it and you will need another code to log in. The email access is the real authentication for Sam. Until you give the right code, Sam ignores any request to access your account.

That being said, you also need a PIN to log in. What is the difference between a PIN and a password or OTP access code? Unlike a password, a PIN does not have to be super strong or complicated. Even four digits, just numbers, is fine. You can use something easy to remember, or you can select something more complex with letters and signs.

We use your PIN as a second factor and validation. First comes the email access code; then, if it is valid, we ask for your PIN. The PIN makes it possible to declare a device, computer or smartphone, as "Personal or Safe" (see picture below). Once a device is marked "Personal or Safe" and you have logged in successfully once on it, we do not need to send an email access code every time. Sam will only ask you for your PIN, at least for a few days. This is convenient because, we get it, waiting for an email every time is no fun. The PIN ensures it is still you on the device.
Again, without authenticating the device at least once a week with an email access code, the PIN is useless.
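
A minimal model of the login flow described above, added here as an illustration and not Sam9000's own code. The `LoginFlow` class, the 5-minute code lifetime, the 6-digit code format and the rule that any attempt consumes the code are assumptions; the one-week device window comes from the text.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL = 5 * 60               # assumption: the page only says "a few minutes"
DEVICE_TTL = 7 * 24 * 3600     # page: email re-authentication at least once a week

def _digest(value: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", value.encode(), salt, 100_000)

class LoginFlow:
    """Hypothetical single-account model of the email-code + PIN login."""

    def __init__(self, pin: str, now=time.time):
        self.now = now
        self.salt = secrets.token_bytes(16)
        self.pin_hash = _digest(pin, self.salt)   # store a salted hash, not the PIN
        self.pending = None      # (code hash, expiry) of the one outstanding code
        self.email_ok = set()    # devices that just passed the email step
        self.safe_until = {}     # device id -> end of "Personal or Safe" window

    def send_code(self) -> str:
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, never `random`
        self.pending = (_digest(code, self.salt), self.now() + OTP_TTL)
        return code              # a real service emails this instead of returning it

    def check_code(self, device: str, code: str) -> bool:
        pending, self.pending = self.pending, None  # assumption: any attempt burns the code
        if pending is None or self.now() > pending[1]:
            return False
        if not hmac.compare_digest(pending[0], _digest(code, self.salt)):
            return False
        self.email_ok.add(device)
        return True

    def check_pin(self, device: str, pin: str, mark_safe: bool = False) -> bool:
        fresh = device in self.email_ok
        trusted = self.safe_until.get(device, 0) > self.now()
        if not (fresh or trusted):
            return False         # without a recent email code the PIN is useless
        if not hmac.compare_digest(self.pin_hash, _digest(pin, self.salt)):
            return False
        if fresh:
            self.email_ok.discard(device)
            if mark_safe:
                self.safe_until[device] = self.now() + DEVICE_TTL
        return True
```

The model leaves out attempt limiting on the PIN, which a four-digit PIN needs on any device inside its trusted window.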
If you forget the PIN, we just reset it and send you a new one by email.

Security goes beyond password protection. We implement many measures to protect your data and our services. We encrypt every communication between you and your cloud servers. We also encrypt all data stored on those servers. Your security and privacy are paramount, and we built our systems first to be secure, then to be elegant and easy to use.