Hacker News new | past | comments | ask | show | jobs | submit login

> with sufficient warnings for users who prefer their accounts to fail-deadly

This is unfair. A service, in general, can only know if it's fail-open or fail-closed. Unless you're running a nuclear weapons service (where this term came from) or the like, you don't know which way is "fail-deadly". I love promoting security as much as anyone but let's not throw around scaremongering terms.

I'd like my GitHub repos, for example, to be fail-open. If I can't get in, nobody benefits from my junk there being lost forever. Certainly, nobody will die. GitHub doesn't really support that, but at least they don't require 2FA.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: