Hacker News new | ask | show | jobs
by eviks 986 days ago
> You can scrape email/sms for codes automatically

IF they arrive right away, which isn't guaranteed for either method Also, do you seriously suggest every single user to set up some kind of x-platform scraping service (how would you scrape an SMS code to a computer's clipboard)???

"user hostile" means that you impose a cost on users without consent and in many cases without benefit

> I don't use password authentication alone unless it's literally my only option.

That's fine, but this isn't a conversation about you. I'm fine with a high-entropy auto-generated password for a huge bunch of services
1 comments
faeriechangling 986 days ago
Reading passwords from SMS is already in Android and iOS, passwords from emails is in iOS (with mail). For that matter, there is no reason TOTP codes can’t be autofilled along with your username/password. The tooling around this stuff keeps getting better and more widespread because it’s getting more prevalent.

>How would you scrape an SMS code to a computer’s clipboard

https://support.apple.com/en-us/guide/safari/ibrwa4a6c6c6/ma...

There’s no technical reason this same idea can’t work with every OS.

>impose a cost on users without consent

We have 1.3 million people who had their personal information leaked by an anti-Semite. More people are impacted by the breach in privacy than just the people who reused their passwords. The level of security was not appropriate to the context. Forcing costs on users can be good when said users are handling sensitive PII.

link
eviks 986 days ago
> The tooling around this stuff keeps getting better > There’s no technical reason this same idea can’t work with every OS.

And until it gets to good and working on every OS you have no argument

> Forcing costs on users can be good when said users are handling sensitive PII.

No it can't, why do you think you can impose your personal oversensitive value judgements re. PII on every single user???

link