Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

They aren’t ideal but are they actually worse than passwords? I’d bet that on net, more compromises happen with previously-leaked passwords


I haven't actually seen these being used as passwords like TFA states; they're usually a form of 2FA.

If they actually are passwords, yes, my password manager is a better UX than having to fetch my phone, open SMS, wait for the SMS, like good grief it's all so slow.

(In the 2FA form, I'd prefer TOTP over SMS-OTP, but the difference is less there.)


The largest site where I've seen this flow (username + email) is hotels.com.


Most people don't use a password manager. They just have shit passwords.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: