I'm firmly in the pro 2FA camp, but merely as a point of discussion: the Arc cod... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		mdaniel 4 months ago \| parent \| context \| favorite \| on: Abusing Entra OAuth for fun and access to internal... I'm firmly in the pro 2FA camp, but merely as a point of discussion: the Arc codebase is already so underwater with actual features that would benefit a forum, and if I changed my password to hunter2 right now the only thing that would happen is my account would shortly be banned when spammers start to hate-bomb or crypto-scam-bomb discussion threads. Dan would be busy, I would be sad, nothing else would happen For accounts that actually mean something (Microsoft, Azure, banking, etc), yes, the more factors the better. For a lot of other apps, the extra security is occupying precious roadmap space[1] 1: I'm intentionally side-stepping the "but AI does everything autonomously" debate for the purpose of this discussion

ocdtrekkie 4 months ago [–]

Everyone else: I need unique 128-character passwords for every site I ever visit with unphishable FIDO keys for MFA.

Me: I didn't give the store website permission to save my credit card. If someone logs in, they'll know I ordered pants there.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact