by Dalewyn
878 days ago
>in favor of apps, OTP tokens, and email codes

And all of them are some form of jank or inconvenience.

Look, most people (myself included) don't give a fucking fuck about security. Our time lost to the kabuki theater of security is worth more than the so-called "security" we gain, and that's assuming whatever is being secured is even worth securing. A determined attacker will ignore all that and just undermine everything with social engineering against a useful customer support tech anyway.

Unless your solution is as simple as entering a password and hitting a button, which is the digital equivalent to taking out a key and unlocking your front door, it is not going to see widespread acceptance.

Make your fucking security solutions convenient, not secure. kthxbai.

Even cars did away with keys because turning the ignition is an inconvenience compared to just pushing a button.
What password?
I mentioned the NHS app I use in a different sub-thread, so let's try my (not very good, would not recommend but they offered decent credit balance interest) current account. I tap the app on my phone, I get a whirl of nonsense, and then:
"Verify that it's you" and I touch the fingerprint sensor on my Pixel 6.
And that's it. No passwords, no PINs, no SMS messages, no separate authenticator device.
This is much more secure than real human passwords (it'll be an elliptic curve signed message, so similar to HTTPS) and much more convenient, and short of convincing me to literally send you my phone and my finger you can't trick me into giving you access.
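The kind of login the comment above describes, sketched as a challenge-response with an elliptic curve signature. This is an added example, not part of the thread and not any real app's protocol: the function names, the `https://bank.example` origin, and the choice to sign the challenge together with the origin are all assumptions made for illustration.

```javascript
// Added illustration with constructed names; not a real banking app's protocol.
const crypto = require('node:crypto');

// Enrollment: the phone generates a P-256 key pair. The private key stays on
// the device (released only after the fingerprint check); the server keeps
// only the public key, so there is no shared secret to phish or leak.
function enrollDevice() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
}

// Device side: after the biometric check, sign the server's challenge plus
// the origin the app believes it is talking to (assumed binding).
function signLogin(privateKey, challenge, origin) {
  const msg = Buffer.concat([challenge, Buffer.from(origin, 'utf8')]);
  return crypto.sign('sha256', msg, privateKey);
}

// Server side: issue single-use random challenges and verify signatures
// against its own origin and the enrolled public key.
function makeServer(publicKey, origin) {
  const outstanding = new Set();
  return {
    challenge() {
      const c = crypto.randomBytes(32); // fixed length keeps the message unambiguous
      outstanding.add(c.toString('hex'));
      return c;
    },
    verify(challenge, signature) {
      // delete() returns false for unknown or already-used challenges
      if (!outstanding.delete(challenge.toString('hex'))) return false;
      const msg = Buffer.concat([challenge, Buffer.from(origin, 'utf8')]);
      return crypto.verify('sha256', msg, publicKey, signature);
    },
  };
}

// Constructed scenario: one good login and three ways a captured or
// tricked signature fails to grant access.
function demo() {
  const { publicKey, privateKey } = enrollDevice();
  const server = makeServer(publicKey, 'https://bank.example');
  const c1 = server.challenge();
  const sig1 = signLogin(privateKey, c1, 'https://bank.example');
  const ok = server.verify(c1, sig1);      // fresh challenge, right origin
  const replay = server.verify(c1, sig1);  // same challenge used twice
  const c2 = server.challenge();
  const phished = server.verify(c2, signLogin(privateKey, c2, 'https://bank.example.evil.test'));
  const stale = server.verify(server.challenge(), sig1); // old signature, new challenge
  return { ok, replay, phished, stale };
}
```
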