Hacker News new | comments | show | ask | jobs | submit login

Agreed, I'm just toying with the idea of finding the simplest way for a user to access a website securely. Haha, that's why I posted here before implementing it ;)

We'll be focusing on mobile, and the login process could be something like PayPal's mobile app where they let you login with your phone number and PIN (min 4 digits). I'm just looking for a secure way to translate that to a web app.

Something that could help - sessions could persist for an infinite amount of time, so upon first login we send them 4 random digits via SMS and if they enter it correctly they're authenticated. Basically two factor auth without the initial password.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact