by eimrine 1097 days ago
The world is too complicated for me to learn about how TOTP works, who supports it, how smartphones work, how a password manager works, etc. All I want is an ability to use login/password with neither extra knowledge nor extra property nor having extra installed software (cookies, password manager) on the computer I am accessing the website from. Let 2FA remain for those who really want it, as it was 10 years ago.

And that is important. Usability and simplicity are important for adoption. Every security layer we add does in fact strip away a layer of convenience.

In my opinion, learning to use a password manager has effectively eliminated dozens if not hundreds of passwords and user names that I would have had to remember and all I need to remember is my one password manager password and everything gets copied and pasted in automatically. Even easier on my phone with FaceID unlocking the vault.

But it is still a complication and disruption to previous sign in flows that I had to adapt to and maintain.

> learning to use a password manager has effectively eliminated dozens if not hundreds of passwords

Generating passwords properly gets rid of the need for any password manager while each password keeps being unique. It is useful if most of my devices for the internet don't have any password manager implemented (example - any Blackberry/Symbian/Opera Mini)

Absolutely, which is why I use a custom diceware list to generate the few dozen passwords between work and home that I have to manually type out, such as my computer logins, phone, etc. Drives my wife crazy for our shared accounts that I use random strings of words, numbers and symbols. The password manager is highly effective at creating even stronger passwords and managing the 50+ accounts that I can copy and paste the information into, such as this Hacker News account. And even serves as a safe place to save passwords that I rarely use and could otherwise forget.

What do you do if you need to change the password for a site, such as a site that enforced password age limits or a site that has had a leak that exposed passwords?

Just add # symbol to the end. If you have an age limit for password, it is an ability to know how many old passwords the system remembers.