[Ryoku]

Yes. But it also, I think, makes it easier to follow certain attack patterns that are already known and commonly used.

For example, setting an email forwarder to an account an attacker controls in most cases won't even be noticed. I think it opens more attack vectors than the good it could do to have this kind of integration rather than just a password manager.

Giving more control to a single manager (in this case an email account) also means you will have to set greater security standards for it. For example, are you going to type your password (which also controls all your accounts) to your friend's, school's, airport's, etc's computer that could be infected?

Passwords are insecure? Of course they are insecure. That's why we are trying to implement two factor authentication. But having 1 account with 2 factor auth controlling 20 accounts with 1 factor auth isn't exactly helping. At all.

[StavrosK]

> For example, setting an email forwarder to an account an attacker controls in most cases won't even be noticed.

Setting a forwarder where? You can do that now too. It's exactly as safe as what we have now.

> I think it opens more attack vectors than the good it could do to have this kind of integration rather than just a password manager.

I disagree. As long as you have password resets sent by email, whoever has access to your email has access to your accounts.

> Giving more control to a single manager (in this case an email account) also means you will have to set greater security standards for it.

Again, that's exactly what everyone already does.

> For example, are you going to type your password (which also controls all your accounts) to your friend's, school's, airport's, etc's computer that could be infected?

No, I don't log in to my email from anywhere that's not my device, and it has 2fa enabled.

> having 1 account with 2 factor auth controlling 20 accounts with 1 factor auth isn't exactly helping. At all.

How is it not helping? Now you have all your accounts requiring two-factor auth to log in, rather than just some of them. You also only have one server to secure, which will presumably be run by people whose sole job is to secure that server.

[Ryoku]

I'm glad you have a portable device which you can use to access your email. Not every user does. But you're right. Please use and implement candy security structures.

[StavrosK]

I feel like you didn't read anything I've written. You haven't even addressed my main point, you just came in here and spewed FUD about this solution without really discussing anything.

[Ryoku]

Well, I think we are talking about two completely different points and, per your past response, that nothing I've said really makes sense to you. Of course I think the solution is useful from a UX perspective, it's awesome. But from a security point of view you are leaving all the security out in a single layer and whenever that layer (single email address) fails, then there's nothing left.

>How is it not helping? Now you have all your accounts requiring two-factor auth to log in, rather than just some of them. You also only have one server to secure, which will presumably be run by people whose sole job is to secure that server.

Yes, you are left with only one server to secure, and yes it is most likely run by people who are good at it. But this is exactly why it's a good example of candy security: As soon as you get past the first wall, there is nothing else stopping you from getting access to everything. And you can't really presume all users will have double auth activated, nor that they will be as cautious with that single set of credentials will be.

[StavrosK]

Is it perfectly secure? No, but nothing is. Is it worse than what we have now? No, it's not.

This is the question I'd like you to address: How is it less secure than what we have now?

[Ryoku]

I think it is less secure because it centralizes all the security in one single layer. AKA the email address you are using to handle the credentials. Once you have access to that email, then you have access to everything. Contrary to what happens now that at least raises more flags when your accounts start getting password changes, etc.