Hacker News new | past | comments | ask | show | jobs | submit login

This is where you want 2FA really.

Each time the user logs in from a new "client" ask for a 2FA code from something like their phone.

Things like Authy and Google Authenticator make this relatively painless to implement.




We already implemented 2FA, but it's not yet forced for everyone. You don't want to patronize your customers ;)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: