Hacker News new | ask | show | jobs
by lukebennett 2783 days ago
It's not so much the choice of email address (throwaway or not) but the fact that you physically can't log in on a machine where you can't/don't want to access your email. You can't access the link and it's too long and cumbersome to type out manually.

So your only choice is to access your (personal) email on a device where you may not want/be allowed to.
1 comments
munk-a 2783 days ago
I don't find that so objectionable, to log into their site you need to enter some credentials, _usually_ that checking is being offloaded from medium onto a third party you may trust more. In the case that you really need to access it where you don't wish to log into your primary email you will still need to login to something, their approach allows you to choose what sort of login security you'd like (maybe you want 2FA via google, maybe you want a more security lax service)

I think password managers are great but the service I see them providing that has the most benefit is to reduce the number of passwords the user needs to actively remember. The single sign on approach has it's weaknesses but the idea itself is pretty sound, you should legitimately trust facebook or google or whoever to know more about secure authentication than some random site... the fact that this service comes with a privacy leak and implies greater online presence tracking is terrible, but the core idea is sound. It'd just be nice to have a neutral party doing it.

link
lukebennett 2782 days ago
I have no objection to them offering Facebook/Google etc for those who wish to use them.

The problem is the lack of an alternative which is how this whole thread started - their approach allows you to choose between logging in via a third party, or logging into your email on the same device. It doesn't let you log into their website directly.

I wouldn't mind if they emailed you some kind of time-limited one time token you could enter on the other device, rather than using a conventional password. But all they supply is a lengthy link, which can only practically be opened on the device that has access to your email.

link