undefined | Better HN

0 pointsmarkkum12y ago0 comments

Don't want to argue, but yes it would. It would stop the user for a second, giving time to the brain to process for a while what's going on.

0 comments

davis_m12y ago

If a user is willing to press the button, a PIN isn't going to stop them. Your app is decreasing security in favor of usability, which is not something look for when they are looking to implement two factor auth.

I think anyone who would blindly use your proprietary two factor solution that makes it easier for end users to authorize other people to log in would be silly.

markkumOP12y ago

I can use similar arguments; a user can be tricked to enter an OTP to a phishing site. For that the hacker does not need to time the attack to the same second, so it's much much easier attack for the hacker.

'No 2FA' is the real silly one here. Any 2FA is so much better than no 2FA, and usability has been a big issue so far in 2FA adoption.

j / k navigate · click thread line to collapse

0 comments

davis_m12y ago

I think anyone who would blindly use your proprietary two factor solution that makes it easier for end users to authorize other people to log in would be silly.

markkumOP12y ago

'No 2FA' is the real silly one here. Any 2FA is so much better than no 2FA, and usability has been a big issue so far in 2FA adoption.

j / k navigate · click thread line to collapse