Hacker News new | ask | show | jobs
by faeriechangling 993 days ago
You can scrape email/sms for codes automatically and add them to the clipboard or autofill, and what does user hostile even mean? User hostile is losing all of a users data because you were more concerned with customers liking how easy your service is to use than you were about ensuring your service didn't hurt them.

You can do better than email/sms, especially sms, but they're transitionary technologies. I login to way more things than most people do way more often. I don't use password authentication alone unless it's literally my only option.
1 comments
eviks 993 days ago
> You can scrape email/sms for codes automatically

IF they arrive right away, which isn't guaranteed for either method Also, do you seriously suggest every single user to set up some kind of x-platform scraping service (how would you scrape an SMS code to a computer's clipboard)???

"user hostile" means that you impose a cost on users without consent and in many cases without benefit

> I don't use password authentication alone unless it's literally my only option.

That's fine, but this isn't a conversation about you. I'm fine with a high-entropy auto-generated password for a huge bunch of services

link
faeriechangling 993 days ago
Reading passwords from SMS is already in Android and iOS, passwords from emails is in iOS (with mail). For that matter, there is no reason TOTP codes can’t be autofilled along with your username/password. The tooling around this stuff keeps getting better and more widespread because it’s getting more prevalent.

>How would you scrape an SMS code to a computer’s clipboard

https://support.apple.com/en-us/guide/safari/ibrwa4a6c6c6/ma...

There’s no technical reason this same idea can’t work with every OS.

>impose a cost on users without consent

We have 1.3 million people who had their personal information leaked by an anti-Semite. More people are impacted by the breach in privacy than just the people who reused their passwords. The level of security was not appropriate to the context. Forcing costs on users can be good when said users are handling sensitive PII.

link
eviks 993 days ago
> The tooling around this stuff keeps getting better > There’s no technical reason this same idea can’t work with every OS.

And until it gets to good and working on every OS you have no argument

> Forcing costs on users can be good when said users are handling sensitive PII.

No it can't, why do you think you can impose your personal oversensitive value judgements re. PII on every single user???

link