only capabilities
accept this, find peace
If you guys do this, you'll shoot your user adoption in the foot.
Do you really think XYZ millions of users moving from FB in the next decade, when they come to SSB or NAB, are going to choose the one that is intentionally more complicated/confusing/harder-to-use?
Get passwords working in cryptographically secure ways and the world will be at more peace.
i don't care about millions of people. mass adoption is fine, but i don't care about the people who already have internet, smartphones, and need convincing to drop their shitty spyware android device. i care about the billions of people who are coming online in the next 5-10 years. i'm developing[0] a stack that integrates hardware, software, and p2p/mesh protocols to compete directly with telcos and OEMs.
when you include hardware security, the user experience of per-device keys is much nicer. you need a passcode that is used to protect your device-entangled key and that's it. new devices pair like bluetooth, securely handshake, and publish `sameAs` depending on the type of device. users don't need to worry about anything beyond the device passcode. projects like dark crystal[1] make it easy to generate and distribute an emergency key that can be used to restore access to your devices if you forget your code.
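
The per-device key scheme described in the post above, sketched as an added example; it is not code from the thread, from SSB or from the poster's stack. `DEVICE_SECRET` stands in for a hardware-held secret, and the message layout, function names and the rule that a `sameAs` link counts only when both devices sign it are assumptions.

```javascript
// Added illustration: every name and the message format here are hypothetical.
const crypto = require('node:crypto');

// Stand-in for a secret kept in a secure element (assumed never to leave the device).
const DEVICE_SECRET = crypto.randomBytes(32);

// Entangle the passcode with the device: a copied blob cannot be guessed offline without the hardware.
function wrappingKey(passcode, deviceSecret, salt) {
  const entangled = crypto.createHmac('sha256', deviceSecret).update(salt).digest();
  return crypto.scryptSync(passcode, entangled, 32);
}

function sealDeviceKey(privateKey, passcode, deviceSecret) {
  const salt = crypto.randomBytes(16), iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', wrappingKey(passcode, deviceSecret, salt), iv);
  const der = privateKey.export({ type: 'pkcs8', format: 'der' });
  const ct = Buffer.concat([cipher.update(der), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

function openDeviceKey(blob, passcode, deviceSecret) {
  const d = crypto.createDecipheriv('aes-256-gcm', wrappingKey(passcode, deviceSecret, blob.salt), blob.iv);
  d.setAuthTag(blob.tag);
  try {
    const der = Buffer.concat([d.update(blob.ct), d.final()]);
    return crypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
  } catch { return null; } // wrong passcode or wrong device: the GCM tag check fails
}

const keyId = (pub) => pub.export({ type: 'spki', format: 'der' }).toString('base64');

// A device announces that another key belongs to the same user.
function signSameAs(privateKey, target) {
  const author = keyId(crypto.createPublicKey(privateKey));
  const content = JSON.stringify({ type: 'sameAs', author, target });
  return { content, sig: crypto.sign(null, Buffer.from(content), privateKey) };
}

// Accept a link only when each device has signed a claim naming the other.
function mutuallyLinked(claimAB, claimBA, pubA, pubB) {
  const ab = JSON.parse(claimAB.content), ba = JSON.parse(claimBA.content);
  return crypto.verify(null, Buffer.from(claimAB.content), pubA, claimAB.sig) &&
    crypto.verify(null, Buffer.from(claimBA.content), pubB, claimBA.sig) &&
    ab.author === keyId(pubA) && ba.author === keyId(pubB) &&
    ab.target === ba.author && ba.target === ab.author;
}
```

A one-sided claim is rejected by `mutuallyLinked`, so a third key cannot attach itself to an identity just by publishing `sameAs`.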