undefined | Better HN

0 pointsbobbiechen8mo ago0 comments

As opposed to username/password, where... An attacker that controls the email address can log right in.

Unless you mean to say I should set up 2FA for my CSS theme variable helper website?

Passkeys and OAuth/social login are great, but everyone has an email. And I don't think any mainstream site supports only passkey as an auth method (and no other way).

0 comments

2 comments · 2 top-level

tonyhart78mo ago

"Passkeys and OAuth/social login are great, but everyone has an email"

big tech is only allowing Social login from another big tech anyway, they use whitelist and banning everyone that dont use that because they cant guarantee untrusted "third party"

LoganDark8mo ago

"Everyone has an email" is like "everyone has a phone number": wrong and bad. At least email addresses aren't difficult to get...

j / k navigate · click thread line to collapse