by overcast 2898 days ago
Passwords can already universally be recovered through email. I wish ALL sites had this feature. It's essentially a one-time password that expires.

Exactly. The only password that really matters is the one for your email. Everything else just provides additional attack vectors.
That only works for services that do not store any sensitive data and employ customer-controlled encryption; if your password is used as a cryptographic tool, then it's out of the question to use such a mechanism.
Then how would you be able to reset your password? All I'm saying is that any service that allows password resets shouldn't have passwords at all.
WhatsApp has figured out a solution to this problem, i.e., what is your WhatsApp password?
Your telephone number. So instead of something you know (password), they use something you have (phone).
Yeah, but be careful never to use an email that you might lose access to (which in principle, could be any email).
What's the difference? They'll just recover your passwords either way. Secure your email password, use two factor authentication. Now you're more secure than just about any website you're using.
Well, for example, if you're a student and you have you@your.edu, you might lose access to that account after you graduate.
And providers like Gmail can ban your account without warning or recovery options.
Same issue applies if you forget your password to any site.