undefined | Better HN

0 pointscaconym_1y ago0 comments

A few weeks ago, I was unable to log in to Google on a new device with my 2FA token (Yubikey) because Google insisted on authenticating with a passkey/resident key, but the token had only been set up with non-resident TOTP or whatever it's called (and had been working properly in this mode for over a year). I was able to log in on another device and register the Yubikey with a passkey/resident key, but it was really scary! There is so much complexity here, and so little visibility and control afforded to users, that I feel very uncomfortable trusting it as my only login method for any moderately important service.

It's possible this was a Mac OS problem, but I don't think it really matters. Either way, this stuff needs to be absolutely rock solid and frictionless if normal people are going to use it safely, and it obviously isn't.

0 comments

int_19h1y ago

It's a Google sign-in workflow problem. I've seen the same issue more than once - for whatever reason it decides that this one way of signing in is the one that you want to use right now, and it can be impossible to back out until some timeout kicks in.

gunapologist991y ago

If even Google can't get it right...

int_19h1y ago

I'm not entirely sure Google is trying to "make it right" so much so as funnel users to its own products (i.e. Android devices and Google Authenticator).

j / k navigate · click thread line to collapse

0 pointscaconym_1y ago0 comments

0 comments

int_19h1y ago

gunapologist991y ago

If even Google can't get it right...

int_19h1y ago

I'm not entirely sure Google is trying to "make it right" so much so as funnel users to its own products (i.e. Android devices and Google Authenticator).

j / k navigate · click thread line to collapse