
HopenHeyHi | 2 years ago

Sorry if it wasn't clear:

If you logged in to HN using Safari on a Mac, the private key (a.k.a. "password") got chucked into your keychain as part of the account creation flow and is synced across all your iCloud devices.

So on your phone, when visiting the HN login page, you'd just be prompted for a fingerprint by TouchID and in you go. Actually quite seamless. This would be what 90%+ of users experience, as normal people don't fiddle with defaults.

I don't use Windows but they have some sort of iCloud Passwords thing for Windows now too apparently. Just dipping their toe into slowly making it cross platform.

It becomes less seamless and more of a hassle when you are using multiple keychains or 3rd-party apps, which probably a lot of people here are. What I described is that case, when you have both an Android phone and an iPhone and they are completely sequestered from each other (maybe personal and work?).

logifail|2 years ago

> normal people don't fiddle with defaults

Just to clarify, these "normal people", they are the ones who typically click on links in phishing emails without actually thinking?

> an Android phone and an iPhone and they are completely sequestered from each other

Q: Why would one not expect to have devices sequestered from each other?

Anyway, umm, OK. Sounds like this "solution" means normal people are fine, anyone who isn't normal has a new mountain to climb.

HopenHeyHi|2 years ago

> Just to clarify, these "normal people", they are the ones who typically click on links in phishing emails without actually thinking?

Yes? Heh, you know what normal people means, good. Guess what, phishing emails tricking people into visiting fake websites won't be as effective, as with this flow there is no password for them to type in and accidentally give away to the attacker.

> Q: Why would one not expect to have devices sequestered from each other?

Because most people don't carry two phones or bother sequestering devices. It isn't the common case so it isn't a polished flow. At least not yet.

Don't know about a mountain, as you probably use a password manager already; it isn't much different.