Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> I don't love this either, but it's basically the same inconvenience as having multi factor authentication turned on.

MFA usually uses channels that are intended to be relative low latency (or that don't require realtime out-of-band transmission, like TOTP).

Email, OTOH, isn't generally reliably low-latency



Is there a technical detail of email that I don't know about that makes it less low-latency than a text message?

Email or text would work the same for this auth scheme anyway.


tangent: SMS doesn't have the security needed for most things. We can let it be a part of auth when combined with another factor, albeit begrudgingly.


E-mail, especially when the MTA and MUA is connected to different environments, which requires relaying, could be particular slow (minutes, hours) if the e-mail hops on busy services.


SMS can be delivered days late. It isn't any better than email.


And as I discovered in my own service: If the SMS aren't being sent - or the clients aren't getting them - there are so many parts involved that's really hard to pinpoint the problem and get an ETA for the solution..




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: