
That's the point that I see as well. It's like if they get your email they will be able to get your user/password account anyways. So this seems like a decent way of getting rid of the password.



Also want to add, in case anyone is reading, that you don't want to set your system's security based on some lowest denominator that you can't even secure / control.

Seems unreasonable and insecure.


When user passwords are used for security, proper services have additional questions (in other words 2FA) to reset your password by email.


Additional questions are bonus passwords. They are not 2FA.



