zlacker

[return to "Do not download the app, use the website"]
1. wouldb+Ha[view] [source] 2025-07-25 23:27:34
>>foxfir+(OP)
I understand but it’s not always with bad intentions.

In the Netherlands we have a system called DigiD to log in to most government websites like your taxes and city, etc.

When I contracted for the city of Amsterdam I learned they’ve been pushing hard for the DigiD app to two-factor authenticate instead of text message, because of contracts DigiD charges a lot per text message validation and none for app.

◧◩
2. msgode+af[view] [source] 2025-07-26 00:06:55
>>wouldb+Ha
This could have just been TOTP.
◧◩◪
3. frollo+Cg[view] [source] 2025-07-26 00:18:52
>>msgode+af
TOTP standard made sense, but mainstream implementation was user-hostile at the start with stuff like Google Authenticator not letting you copy keys, then afterwards still making it unclear under what circumstances they're backed up. Nowadays it's user-unfriendly at best.

I like how we went full-circle to Passkeys which are basically a "remember me FOREVER" button, implemented kinda like SSH keys. Should call it that too, and also ditch the like 4 prompts it gives you first.

◧◩◪◨
4. msgode+4v[view] [source] 2025-07-26 03:05:49
>>frollo+Cg
>"remember me FOREVER" button, implemented kinda like SSH keys.

Here's a better idea: just use openssh or at least openssh's key formats since none of the big companies can manage anything better.

◧◩◪◨⬒
5. frollo+sv[view] [source] 2025-07-26 03:11:16
>>msgode+4v
That would've been nice, cause instead Passkeys are kinda locked into whatever walled garden you chose.