undefined | Better HN

0 pointsraddan1y ago0 comments

FWIW, as a regular user of login.gov, from the outside, it looks like a well-designed system. I am able to add strong forms of 2FA (e.g., security keys or biometric authenticators), it requires strong passwords, etc. It also has decent developer documentation, has a support process, and comes with a vulnerability disclosure form baked into the main website. However, I have not used their API, nor have I seen any of the code (although I wonder if a FOIA request would actually compel them to give it to you).

0 comments

marwatk1y ago

> although I wonder if a FOIA request would actually compel them to give it to you

I believe most of it is open source: https://github.com/18F/identity-idp

j / k navigate · click thread line to collapse

0 pointsraddan1y ago0 comments

0 comments

marwatk1y ago

> although I wonder if a FOIA request would actually compel them to give it to you

I believe most of it is open source: https://github.com/18F/identity-idp

j / k navigate · click thread line to collapse