
Please don't use passwords at all. They are wrong for so many reasons. Use emailed sign-in links.



Which, in general, rely on your user's email password... which may not be as secure as their bank password, because "email doesn't handle money".

So, to access your bank now, crackers just need to get into your email (which may be true anyway; of course 2FA helps in both cases).


If somebody gets to your email you are doomed anyways, because with passwords all they have to do is reset it through that hacked email.

The benefits of sign-in links are:

a) you don't have to remember a gazillion passwords

b) you don't have to use password managers

c) you can set up a really strong passphrase for your email and actually remember it because it's the only one you have to. And of course set up strong MFA or whatever

d) you don't have to set up MFAs on services and give them more personal info (phone number) than they really need

e) for me as a developer it's also easier to implement, actually


I think the GP was suggesting automated sign-in links for random web services. Using them for a bank account would be silly.



