
Yup, you nailed it. That is exactly the plan. Any thoughts on that approach? Do you think you might be willing to update your current 2FA workflow to the one described above?

I think it's a very cool idea! The other big UX issue with 2FA (in my opinion) is backup & restore -- nail both and you'll have a pretty solid product.

For disclosure, I work for Duo, so I'm a big believer in push-based 2FA. (Consider applying if you're interested in usable security!)

Ah! Duo is definitely one of the incumbents in the space that we looked at during our competitive analysis. As far as I understand it, your push-based 2FA solution only works for sites which use Duo as the 2FA provider. Is that correct?

I am hoping to build a solution which has a similar-sounding UX to Duo Push, but works for any site that currently implements 2FA without requiring the site to make any changes at all. I think that this will provide more comprehensive coverage of sites that developers and other users interact with on a regular basis. For example, GitHub will not update their backend to use a 2FA service that I write because they already have a good solution in place, but by using a browser extension I can build the UX that I want without any changes required on GitHub's end.

Admittedly, I had some trouble getting started with actually trying out Duo to get a feel for the UX, but I will definitely have to check out the features that you provide to see what competitors in the space are already doing.

I agree that Backup & Restore is another prime part of the 2FA UX that needs some TLC. We've got some thoughts on improving that as well, but the first step is to nail the UX of actually being productive with 2FA and then come back to add enhancements.

Here is to some healthy competition! :)

Yep, we have integrations for many services, but software must integrate or support SAML (as GitHub Business/Enterprise does) for us to do 2FA. Our core product isn't really 2FA, however, and we have different target markets: Duo primarily targets businesses looking to protect the services their employees access, while it sounds like you're trying to provide better UX for any consumers of 2FA.

I completely understand your approach and think it's a really neat idea. Looking forward to seeing it. :) Feel free to connect with me via email, I'd love to beta your product.

Thanks for the background on Duo.

I'll definitely reach out once we have a beta to demo. We'd love to get some feedback from folks outside our immediate team!
