Welcome to Portabella! We're so happy to have you join our mission of a more privacy preserving future.
When you sign up to Portabella the first thing you'll see that's probably a little confusing is the password or mnemonic based registration method. The choice you make will depend on your preference for security vs. convenience.
All core data in Portabella is client side encrypted, that means we never see the names/descriptions/titles of your tasks. Additionally we never see the key that is used to encrypt this data, doing so would invalidate the entire premise of client side encryption. To do this it means when you sign up you need a private EC key generated, this can be done via an email + password combination or via a mnemonic.
When you sign up with a password we take your email and password as the inputs to a password based key derivation function (PBKDF). This stretches your email + password into a long seed that can be used to generate a private key.
With this method it's crucial you use a long and secure password, preferably one generated by a password manager. If not, your account is no more secure than it would be if you used any other project management platform.
When you sign up with a mnemonic, we take it, convert it into a seed and use that as the input to our key generation function. We allow generating a mnemonic from browser but if you're wanting more entropy than the browser provides you can paste in your own.
Password based login is much more convenient for the average user and aligns with how many other applications work. If you're often switching computers it'd be preferablt to use the password based login as you can just remember your email + password combination rather than carrying around your seed phrase with you.
Mnemonic based login should be used if you're wanting more security you're familiar with seed phrase backups.
We've written a whole blog post (Password vs. mnemonic based login) on this subject if you're still wanting more information.