Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is the biggest issue. It's not a loss of a single service, but multiple services that are all linked to that account.

It's bad enough when it's all of your Google or Microsoft or Apple services, but it's going to get worse. I'm convinced the whole passwordless movement isn't much more than a strategy for big tech to completely usurp control of identity. People on Hacker News might not get trapped because they understand enough to have some contingencies, but the average person is going to end up with their identity completely depending on having access to an account at one of the big tech companies.

Just wait until they lobby the government and get "Passwordless Login" pushed as a preferred way to access government services. Then they own us.



Consolidated identity and delegated authentication isn’t a conspiracy, it’s a customer driven and infosec driven feature. Managing your own passwords across sites and devices is widely considered to be a security failure with easily guessed reused passwords written in sticky notes or a notebook by the computer or in text files / spreadsheets on that computer.

And governments globally are already doing their own SSO services (the UK has had a version of this for 20 years) and some (Canada) are enabling partnerships with what they feel to be more secure sources of identity eg. online banking.

I think the fundamental problem with Google is that their policies are inscrutable. I wouldn’t rely on any one identity provider for everything I either, and would expect all services have a recourse for resetting your login settings when a particular provider no longer works for you.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: