
Any time you add a "new" security gate to your product, it should be in addition to and not instead of the existing gates. Biometrics should not replace username/password, they should be in addition to. Security Questions like "What was your first pet's name" should not be able to get you in the backdoor. SMS verification alone should not allow you to reset your password. Same with this voice authentication stuff. It should be another layer, not a replacement of your actual credentials.

If you treat it as OR instead of AND, then your security is only as good as the worst link in the chain.




If you make your product sufficiently inconvenient, then you'll have the unassailable security posture of having no users.



