undefined | Better HN

0 pointsdavis_m12y ago0 comments

Are you concerned that it is a lot easier to trick users into clicking a button to authorize the login?

0 comments

Of course user behavior has to be considered. The MePIN app does allow the user to set up a personal PIN code, so an authorization would then require the PIN code and a tap.

davis_mOP12y ago

A PIN would do nothing to keep a user from being tricked into authorizing an attacker's login.

markkum12y ago

Don't want to argue, but yes it would. It would stop the user for a second, giving time to the brain to process for a while what's going on.

1 more reply

j / k navigate · click thread line to collapse

0 pointsdavis_m12y ago0 comments

Are you concerned that it is a lot easier to trick users into clicking a button to authorize the login?

0 comments

markkum12y ago

Of course user behavior has to be considered. The MePIN app does allow the user to set up a personal PIN code, so an authorization would then require the PIN code and a tap.

davis_mOP12y ago

A PIN would do nothing to keep a user from being tricked into authorizing an attacker's login.

markkum12y ago

Don't want to argue, but yes it would. It would stop the user for a second, giving time to the brain to process for a while what's going on.

1 more reply

j / k navigate · click thread line to collapse