Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You don't even need to bug your users with those pain-in-the-ass 2FA. Just don't let them chose a password, send them a strong random one by email when they signup. If their mailbox is compromised, it is game over anyway as it allows an attacker to reset every password.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: