Hacker News new | past | comments | ask | show | jobs | submit login

The first thing I tell people to do is secure their email with a good password and two factor authentication because if that gets hacked most other stuff can be hacked via password resets.

Your email address is your identity online - everything but everything assumes this. I have strong passwords and 2FA on my main account. If it was hacked, an attacker could (for example), reset my password for my national security vetting portal account. On there is available to anyone who has my login (no 2FA for this, obviously), forms which detail everything about me, my partner, my parents. My total, actual identity. I am compelled to use this service for the work that I do.

I hope neither it nor my email has any security breaches.

Does it at least have a cool down period? Like if you try your username n times in the last hour, you get locked out and can't try any more for m hours?

I don't know, you tell me how secure you think it might be: https://www.nsv.mod.uk/

Well, as it only supports TLS 1.0 and SSL 3 (C grade on SSL labs), plus looks like it's running an old version of Web Forms, I think you're probably fine. :/

Applications are open for YC Winter 2022

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact