A little while ago, we wrote a blog about anonymous apps and why companies should consider creating apps that don’t require a login to use. In that blog, we briefly mention the concept of nano IDs. Nano IDs are what allow us at Stashpad and other software companies to randomly create unique identifiers for app experiences with no logins. This is what Stashpad’s no-login-required experience is built on.
However, there’s a common misconception that using a Nano ID like a password is not secure and that anyone could write a script to stumble onto existing documents. In this blog, we’ll overturn this assumption and dive deeper into why using a Nano ID like a password can be a powerful strategy for anonymous-first apps.
What is a Nano ID?
Nano ID is a unique ID generator that creates tiny, secure (more on that later!), and URL-friendly IDs. It has been implemented in over 20 different programming languages, including JavaScript, Go, and Rust, among others.
Some of the other benefits of Nano IDs are:
- Nano ID has support for modern browsers like React Native and Node.js
- Nano ID has an extremely low chance of a collision
- Nano ID doesn't have any dependencies
- Nano ID has a small size
- Nano ID uses 21 characters
What is better, Nano ID or UUID?
Up until recently, UUID was the “default” unique identifier used by software engineers. While UUID is still commonly used today, Nano ID does have some stand-out advantages over UUIDs:
- Nano ID offers the same collision probability with only 21 character versus UUID’s 36, due to a larger alphabet
- Unlike UUID that has a package size of 483 bytes, Nano ID has a package size of only 130
- Nano ID is twice as a fast as UUID due to more efficient memory allocation
Nano ID has an MIT License, whereas UUID has an Apache License 2.0.
Are Nano IDs unique and secure?
While no identifier can be completely unique, the possibility of a collision when using Nano ID is extremely low. And when we say extremely low, we mean it. At Stashpad, we generate Nano IDs with a length of 24, which would take about 21 billion years of effort to even have a 1% chance at a collision.
Of course, this doesn’t eliminate the risk that you accidentally share the document link in the wrong place. This is why we recommend using permissions-based docs when you have sensitive information that absolutely can’t and shouldn’t be revealed.
However, for the vast majority of cases, Nano ID-based URLs for collaborative docs are highly effective and secure and won’t be found due to an ID collision.
