Hacker News new | past | comments | ask | show | jobs | submit login

Opt-in is pretty useless. If users followed security procedures, people would use strong unique passwords and we wouldn't need 2fa.



In that case I think it's fine to have a default security profile, and let people add or remove things as they see fit. On account creation, they could even present a questionnaire that determines whether the user values security or availability more, and set the security requirements accordingly.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: