Is there a use case for passwords at all? Passwords have the downsides of being ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		janalsncm on Nov 23, 2022 \| parent \| context \| favorite \| on: “Invalid Username or Password”: a useless security... Is there a use case for passwords at all? Passwords have the downsides of being guessable and hackable, as well as forgotten. I’d like to avoid the “correct horse battery staple” malarkey if possible. In most cases, control of the account email is equivalent to control of the account because I can reset the password if I control the email. So it seems that magic links or OTPs are strictly better. Am I missing something?

djaychela on Nov 23, 2022 [–]

I think you are, yes. These situations spring to mind, all of which make email OTP a worse solution imo:

Shared account without both having access to email.

Email OTP is more time and effort than entering a password.

Email can be down.

You may not have access to email for another reason (different device, etc).

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact