undefined | Better HN

0 pointsthangalin12y ago0 comments

The point is that e-mail vendors (e.g., Google, Microsoft) have dedicated far more resources and effort to securing their e-mail software (e.g., GMail, Hotmail) than start-ups will, or can, dedicate for their own authentication component. (For example, how often are all GMail passwords been stolen?)

I am suggesting that the authentication process for e-mail is far more secure than what a start-up could produce to authenticate for their own site. I am not suggesting that e-mail is NSA-proof.

0 comments

1 comments · 1 top-level

gnaritas12y ago

One can hardly count on users always having one of the big provider mail accounts and beyond the big providers, most email is still sent across the wire unencrypted. Email isn't generally script kiddy proof, let alone NSA proof.

While I like the idea of login via email link, it's only good if the login link expires very quickly.

Email is not an auth mechanism, if you want to rely on the big providers to do auth, they have systems specifically for that already.

j / k navigate · click thread line to collapse