You could do client ssl certs and just skip the password. It would be more work ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		dec0dedab0de on May 3, 2018 \| parent \| context \| favorite \| on: Twitter urges users to change passwords after comp... You could do client ssl certs and just skip the password. It would be more work for the user though.

cabaalis on May 3, 2018 [–]

That would transfer it from something you know (a password) to something you have (a device with SSL cert installed) which are meant to protect against different problems.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact