Hacker News new | ask | show | jobs
by ptoomey3 2691 days ago
SMS does still help to mitigate a common attack...folks trying out password dumps on other sites. But, I don’t disagree we need to move on when we have more options to choose from. Right now the best looking option is webauthn with platform authenticators.
1 comments
def_true_false 2689 days ago
If password reuse is a problem, one should be solving that problem instead of it's symptoms. "Have I Been Pwned" comes to mind.

https://haveibeenpwned.com/API/v2#PwnedPasswords

link