
Ask HN: What's your preferred authentication method as an end-user? - horizontech-dev
To be clear, looking to hear whats your preferred authentication method as an end-user (not as a developer).<p>Example:<p>Phone Number
Gmail
Social (fb, linkedin, github etc)<p>Sorry, if there is already a discussion around this. Feel free to link me.
======
pwg
login-id + password

Random websites simply _do not_ get my phone number (and if they persist, they
often receive 123-456-7890 which quiets them down). I do not use gmail (and
random websites would not get it if I did). I also do not use fb/linkedin, but
even if I did, random websites also would not get that information either. Do
have a github account, but again, random websites will not receive that
information either.

~~~
horizontech-dev
Got it. Thanks.

Are security and privacy the reason for the aversion to phone number and
social methods?

~~~
ColinWright
Firstly, I usually don't have the methods being asked for. I don't use Linked-
In, I barely use FB and certainly can't remember my password. And seriously,
would you go around giving your phone number, email, physical address, etc.,
to everyone? The opportunities for social engineering abound.

And just because the people I give it to may be trusted today, there's always
(a) buyouts, (b) security breaches, (c) going rogue.

Why are you asking these questions? Are you trying to learn about security?
Are you surprised at the responses?

Would you, without reservation, give random people your email, phone number,
login-id for other services, etc?

If so, why do you _not_ have concerns?

------
ColinWright
I second everything that pwg said[0]. Why should I give a random website
information? There has to be an exchange, and it has to be fair. Do they
provide enough value for me to give them information?

Rarely.

Do they _need_ the information to perform the service they are offering?

Rarely.

For me, login-in / password. If they're asking for more then it had better be
obvious from the start that it's worth the trade.

[0]
[https://news.ycombinator.com/item?id=22771460](https://news.ycombinator.com/item?id=22771460)

------
zzo38computer
For HTTP(S) stuff, HTTP authentication (basic or digest auth). However, better
would be to use SASL (which is usable with many protocols, although I think
HTTP(S) unfortunately doesn't), and then from that to have some sort of SASL
method which allows decentralized authentication like OpenID but does not
require a web browser.

What I hate is using a telephone number (I don't want them to call me on the
telephone, and other people in my house might use the same service so then
that won't work so well!), Gmail (I don't use it), GitHub (again I don't use
it), Facebook (again I don't use it), etc.

------
gshdg
Email + password. I can isolate the email in case of breaches and it helps
avoid leaking behavioral data to social networks.

