undefined | Better HN

0 pointssontek5y ago0 comments

How are magic links higher security than passwords + two-factor auth? A magic link gives an attacker the ability to compromise any sites using magic links as long as they get access to the e-mail.

2fa + password means they could compromise the e-mail and still not be able to reset a password without the TOTP.

Social Auth is even more secure than magic links because the larger companies like Facebook and Google have already implemented SECURE 2fa and they've also implemented IP / Computer tracking so that if abnormal authentication happens you have to go through better verification.

If a magic link gets opened from Argentina when the user traditionally logs in from North Dakota, are you blocking that until they go through more verification? If not its not more secure.

0 comments

postalrat5y ago

I'm comparing magic links alone to passwords plus an additional reset email. Magic links with no passwords will be more secure.

If you add 2fa to passwords and keep the email reset then magic links alone will still be more secure.

j / k navigate · click thread line to collapse