knn132 Welcome! Let me get to each of your excellent points in turn.
How would one handle having multiple accounts on a single site using Spectre?
Our general recommendation is to use the standard form user@service
(this is where e-mail addresses get their format from). The result would be eg. lhunath@twitter.com
.
Of course, depending on your situation, you might opt for another approach. For instance, you may have a full suite of accounts you use personally and another suite of accounts with the same services you use with your employer. In that case, you could make a personal Spectre user with your full name, and a secondary Spectre user that is employer-scoped, using for instance your employee e-mail address as the Spectre name. Now you have a full profile dedicated to your company, cleanly separated from your personal access profile. Such an account is also great for enabling business continuation or hand-off when you move on from the company or are suddenly unavailable for an extended period of time and someone else needs to take over from you (ie. you can easily pass on your Spectre account to someone else at the company).
I'm assuming that the end user will be expected to remember the individual site counters for any that are not 1
This is correct. We do employ user profiles which can be exported and transferred between devices, but it's very important to us that you are able to recover any passwords you need from a total-loss scenario. What you would do for your counters in that eventuality is to start them from 1 and increment them by testing the resulting password against the site until you have found the correct counter value. It's a bit of an arduous process, but we don't expect most sites to roll over the counter too often and such a recovery event is (hopefully) rare. That said, it is critical to us that there remains a viable path for it.
there's no way to store usernames via Spectre?
Two points: firstly, Spectre does implement a hybrid approach, allowing you to save encrypted data into your user profile, be they passwords or login tokens, but as you rightly point out, these tend to defeat to overall purpose of statelessness so aren't typically recommended for information you can't otherwise recover easily. We do recommend that you save your primary e-mail address as the user's standard login name to be used for all sites without a specific login name, since you're not likely to suddenly forget it.
Secondly, Spectre does also offer username generation as an option. The idea behind this is that Spectre can generate a random token that can be used as an anonymous username with a new service. This username will then carry over to any new devices just like passwords. Of course, whether this is a viable option for you is entirely dependent on the service you're looking to use it with. Barring this option, you are correct that you'll need to save your login name in Spectre and it won't automatically survive a total loss recovery.
Similarly to counters, passwords and login names saved in your user profile will transfer with export files to other devices, so this can be a viable strategy for manually syncing your profile on multiple devices.