A short PIN seems nice for personal use (maybe on a self-hosted service) but wouldn't a short PIN allow people to potentially guess random PINs and download files that they shouldn't have access to?

The hope was for the time limit to help improve those odds, but, yes. It was also not really intended for anything truly sensitive.

The motivating case was when you're in physical proximity to the destination device, but don't have any account linkage between the two (not even messaging/email/social accounts that are connected). The original idea came from university computer labs: transferring homework between the lab computer and a personal one was a pain. I had to sign into Dropbox in the browser (and 2FA), or attach it to an email, or carry around a flash drive (which wouldn't work on phones), or whatnot. Just to move the file three feet. A glanceable code with no sign-in bridged that gap.

Other use cases include people you don't know very well (and therefore don't have an email, phone number, etc.). We demonstrated the prototype to a crowd by uploading a file with the code visible on the projector, and suddenly everyone in the crowd had the file. That was pretty cool.
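To put numbers on the trade-off the question raises (short code, short lifetime, random guessing), here is an added back-of-the-envelope model; it is not the author's code, and the parameters (PIN length, code lifetime, number of concurrently valid codes, a guess rate, an optional server-side attempt cap) are assumptions, not the prototype's actual settings.

```python
"""Estimate how likely random guessing hits a valid short transfer code.

Added example, not from the original thread. Assumptions: codes are uniform
random decimal strings, the guesser never repeats a guess (worst case for
the defender), and the service may or may not cap attempts per code lifetime.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class PinPolicy:
    digits: int                       # PIN length; keyspace is 10**digits
    lifetime_s: float                 # seconds before a code expires
    active_codes: int                 # codes valid at the same moment
    max_attempts: Optional[int] = None  # server-side guess cap per lifetime

    @property
    def keyspace(self) -> int:
        return 10 ** self.digits


def guesses_possible(policy: PinPolicy, rate_per_s: float) -> int:
    """Guesses a client can make before the code expires, honouring any cap."""
    n = int(policy.lifetime_s * rate_per_s)
    if policy.max_attempts is not None:
        n = min(n, policy.max_attempts)
    return min(n, policy.keyspace)


def hit_probability(policy: PinPolicy, rate_per_s: float) -> float:
    """P(at least one guess lands on a currently valid code).

    Sampling n distinct guesses from K codes with k valid ones:
    P(miss all) = prod_{i=0}^{n-1} (K - k - i) / (K - i).
    """
    K, k = policy.keyspace, min(policy.active_codes, policy.keyspace)
    n = guesses_possible(policy, rate_per_s)
    miss = 1.0
    for i in range(n):
        if K - k - i <= 0:          # every remaining code is valid: certain hit
            return 1.0
        miss *= (K - k - i) / (K - i)
    return 1.0 - miss


if __name__ == "__main__":
    base = PinPolicy(digits=4, lifetime_s=300, active_codes=1)
    capped = PinPolicy(digits=4, lifetime_s=300, active_codes=1, max_attempts=10)
    print(f"4 digits, 5 min, 10 guesses/s, no cap:  {hit_probability(base, 10):.4f}")
    print(f"same, but 10 attempts per lifetime:    {hit_probability(capped, 10):.4f}")
```

The point the numbers make is that expiry alone shrinks the guess budget only linearly, while a per-code attempt cap (or a longer code) is what actually drives the probability down.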