The landing page of the All me web app is now online and it has a curious log in. The log in requires First Name, Last Name and Authenticator, but no username or password.

The absence of a traditional email and password login on all-me.ch (and the All me app) is not an oversight, it is a deliberate, architectural decision driven by its Privacy by Default philosophy.

Traditional email-and-password systems are viewed by the platform’s architects as structural vulnerabilities.

Here is why the All me site and app deviate from standard logins:

Elimination of “Correlated Identities”

The entire premise of All me is that users can maintain separate, unlinked profiles (Anonymous, Personal, Family and Professional).

• If you use a single email address and password to log in, a database breach or a data-mining algorithm can easily correlate and link your anonymous browsing profile to your real-world professional identity.
• By removing the traditional email/password handshake, the platform prevents your various digital personas from being stitched together.

Resistance to Database Breaches and “Credential Stuffing”

Centralised databases that store email addresses and hashed passwords are prime targets for hackers. If a hacker breaches a site, they take those emails and passwords and use them to break into other services (known as credential stuffing).

By not storing a standard email/password set, All me removes the “honeypot” that attracts hackers and ensures that a breach on another website cannot be used to compromise your All me account.

Shift Toward Modern Zero-Trust Authentication

To achieve its security goals without traditional passwords, the All me ecosystem leans heavily on modern authentication protocols and encryption.

• Separation of Authentication and Payment: When you pay your subscription, the Swiss banking gateway verifies your payment and simply passes a binary “Yes/No” token back to the app. The app itself doesn’t need to store your credit card or billing email alongside your social data.
• Open-Source Authentication: The platform leans on hardened, encrypted, third-party Swiss privacy tools. For example, All me recently selected Proton Authenticator (built by Geneva-based Proton) as its primary tool for time-based multi-factor authentication. By shifting to app-based tokens and device-level authentication, it cuts out the need for a legacy, static password.

Zero Tracking and Data Collection

If a platform requires your email address to log in, it immediately has a piece of Personally Identifiable Information (PII). Under strict Swiss and EU privacy laws, collecting an email address forces a platform to track, manage, and protect that data. By avoiding standard email registrations where possible, All me bypasses the need to harvest user data in the first place.

Summary

The lack of a standard email and password login is a feature, not a bug. It is a Zero-Knowledge / Zero-Trust security model designed to ensure that if a user wants to be anonymous on their primary profile, there is no email trail or shared password linking them back to their real identity. Relying on local device authentication, cryptographic tokens, and external hardened authenticators keeps user data completely siloed.