
I like this idea a lot, but given the centralization of authority to a user's email account, I do think it requires beefed-up security for however the user accesses their email; i.e., it would be great to allow this only for users who have 2FA enabled on their webmail, although I have no idea how you'd check or enforce that.

Actually, the "lost password" flow already assumes email as a single point of failure, so I suppose my 2FA comment is moot (in other words, we should be pushing for 2FA for accounts regardless of their password approach on other accounts).



> but given the centralization of authority to a user's email account

This is already the case right now. An attacker who has access to your primary email account can gain access to any of your accounts using Forgot Password.

> the "lost password" flow already assumes email as a single point of failure,

Exactly. I think that was the inspiration for the idea. If we have a single point of failure anyway, why not just use it directly to login?
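The "use the email directly to log in" idea above is the magic-link flow. As an added example (not code from this thread or from the service being discussed), here is the minimal issue-and-verify logic a server needs for such a link: an HMAC-signed token carrying the address, a nonce and an expiry, verified in constant time, rejected after its TTL, and consumed on first use so a link that leaks from a mailbox later cannot be replayed. The secret key and the in-memory store of outstanding links are assumptions standing in for a real key store and database.

```python
import base64
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Assumption: one secret per deployment; in practice loaded from a secrets store.
SECRET_KEY = secrets.token_bytes(32)
TOKEN_TTL_SECONDS = 15 * 60          # a magic link should die quickly

# Assumption: in-memory dict standing in for a database table of unused links.
_outstanding = {}                    # nonce -> (email, expiry)


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode("ascii")


def _sign(message: str) -> str:
    return _b64(hmac.new(SECRET_KEY, message.encode(), hashlib.sha256).digest())


def issue_login_token(email: str, now: Optional[float] = None) -> str:
    """Mint the token that goes into the e-mailed link."""
    now = time.time() if now is None else now
    nonce = secrets.token_urlsafe(16)
    expiry = int(now) + TOKEN_TTL_SECONDS
    # urlsafe base64 and token_urlsafe never contain '.', so '.' is a safe separator.
    message = f"{_b64(email.encode())}.{nonce}.{expiry}"
    _outstanding[nonce] = (email, expiry)
    return f"{message}.{_sign(message)}"


def verify_login_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the e-mail address the link authenticates, or None if it is invalid."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 4:
        return None
    email_b64, nonce, expiry_s, sig = parts
    message = f"{email_b64}.{nonce}.{expiry_s}"
    # 1. Integrity: constant-time comparison so a forged signature cannot be timed.
    if not hmac.compare_digest(sig, _sign(message)):
        return None
    # 2. Freshness: a validly signed but old link is still rejected.
    if not expiry_s.isdigit() or now > int(expiry_s):
        return None
    # 3. Single use: pop the nonce so the same link cannot log in twice.
    record = _outstanding.pop(nonce, None)
    if record is None:
        return None
    try:
        email = base64.urlsafe_b64decode(email_b64).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    if record[0] != email:
        return None
    return email
```

Note that none of this changes the point made in the thread: whoever can read the mailbox receives a valid, unexpired link and logs in. The signing, expiry and single-use checks only limit what an attacker can do with a link that leaks after the fact, which is exactly the same property a well-built "forgot password" link has.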


Yes. This just offloads the security burden from the Webmaker service to your email provider. It means one less password, but a compromise is still catastrophic.

If the goal is to separate the need to remember complex passwords from the application, then a password manager makes much more sense (ideally with 2FA).

In the long game of improving token-based security, this is a step sideways at best.


With this method I'm not seeing how an e-mail compromise is any more catastrophic than a site that offers a "forgot my password" flow.

That is to say, yes, a compromised primary e-mail _is_ catastrophic, but seems like an already accepted risk. Why is this worse?


Assuming an email compromise is catastrophic, as pointed out earlier in this thread, one might as well use a password manager, which allows for maximal password strength, possibly 2FA, total control over the password database, etc.

I didn't mean to imply that this was worse, only that it doesn't really change the threat.


Because, at least for me, it takes a lot longer to visit my email, wait for the email to arrive, open it, click the link, than to just fill in a password (or preferably have my browser/password manager do that).


> This is already the case right now. An attacker who has access to your primary email account can gain access to any of your accounts using Forgot Password.

This is not the case when using two factor authentication.



