
#FF00AA


17 oct. 2015

Yahoo’s password-free sign-in is like two-factor auth without the first factor, which is idiotic because the whole point of the password in two-factor is that a random attacker can’t spam you with sign-in notifications. So that’s another security scheme that fails as soon as someone is actually trying to breach it. (Chances are the system is going to throttle sign-in notifications if someone spams the login form, which will make it harder or outright impossible for you to sign in when you do want to.)

Of course it would work great if your login itself could be secret (like my Apple ID is, for instance), but in this case the login is the very e-mail account whose inbox you’re trying to access.

Yes, passwords suck. But we’ve been sticking with them because all technologically available alternatives are worse.
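To make the throttling argument concrete, here is an added example (not from the original post, and not Yahoo's actual implementation) that models a push-approval sign-in with a per-account prompt budget, with and without a password gate. The class name, the limit of 3 prompts per 300 seconds, and the account are assumptions constructed for illustration.

```python
import hmac
from collections import defaultdict, deque


class PushSignIn:
    """Toy model of a sign-in endpoint that sends a push approval prompt."""

    def __init__(self, require_password, max_prompts=3, window=300):
        self.require_password = require_password
        self.max_prompts = max_prompts    # assumed budget: prompts per account per window
        self.window = window              # window length in seconds (assumed)
        self.passwords = {}               # plaintext only because this is a toy model
        self.sent = defaultdict(deque)    # login -> timestamps of prompts already sent

    def register(self, login, password):
        self.passwords[login] = password

    def request_sign_in(self, login, password, now):
        """Return 'prompt', 'throttled' or 'rejected' for one sign-in request."""
        stored = self.passwords.get(login)
        if stored is None:
            return "rejected"
        if self.require_password and not hmac.compare_digest(
            password.encode(), stored.encode()
        ):
            return "rejected"             # wrong password: no prompt, no budget spent
        q = self.sent[login]
        while q and now - q[0] >= self.window:
            q.popleft()                   # forget prompts older than the window
        if len(q) >= self.max_prompts:
            return "throttled"            # budget exhausted, whoever is asking
        q.append(now)
        return "prompt"


def simulate(require_password, stranger_attempts=10):
    """Someone who knows only the login submits the form, then the owner tries."""
    login = "alice@example.com"           # constructed sample account
    svc = PushSignIn(require_password)
    svc.register(login, "correct horse")
    outcomes = [svc.request_sign_in(login, "guess", now=t)
                for t in range(stranger_attempts)]
    owner = svc.request_sign_in(login, "correct horse", now=stranger_attempts)
    return {"unwanted_prompts": outcomes.count("prompt"), "owner_result": owner}


if __name__ == "__main__":
    print("password-free:", simulate(require_password=False))
    print("password-gated:", simulate(require_password=True))
```

Without the password gate, the owner receives three prompts they never asked for and is then throttled out of their own sign-in; with the gate, no prompt is sent and the budget is untouched.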
