Currently, we base64 encode the username and password and store that combo locally. As people often reuse their passwords (and might use list.it from an untrusted machine), this is insecure. We should instead get a (hopefully revocable) authentication token from the server.
Currently, we base64 encode the username and password and store that combo locally. As people often reuse their passwords (and might use list.it from an untrusted machine), this is insecure. We should instead get a (hopefully revocable) authentication token from the server.