Hacker News | mself's comments

Doesn’t make any sound?


I think the author has mixed up underfitting and overfitting.


thanks for your interest, can you please elaborate.


6


Here’s another version that helps clarify it...

There are three doors, one has a prize and the other two are empty. You pick a door (say, Door 1). Monty then says that his assistant will move whatever is behind Door 2 (if anything) to Door 3. He then opens Door 2 to show you it is empty. Would you switch to Door 3? Of course you would.

But Monty’s assistant is lazy, so instead of moving the contents from behind one of the closed doors to the other, he just asks Monty to open the one that he knows is already empty. The result is the same.


Unlike what the OP stated, the key is NOT to list your phone number as an SMS 2FA recovery option. Only use the non-SMS options (e.g. app-based recovery, Google Authenticator, recovery codes). Adding SMS as an option makes your account less secure, not more.

Unfortunately, most sites do not allow you to turn off SMS recovery even if they offer other 2FA options.

Security is only as strong as the weakest link, and SMS is very weak.


The problem lies in that Google Authenticator is tied to a device, so if you upgrade it or lose it, you’re f’d. I also doubt many use/print recovery codes, and if they do, good luck finding them 7 years later.

Overall the situation isn’t great.


I just went through this situation with a couple non-Google companies when I upgraded my phone, not realizing that their authentication info wouldn't transfer when Google transferred my data to the new phone. I thought I had double-checked that I had everything, but this got missed.

It was a pain for all of them, but it was worst for the ones that I had no other auth systems set up. (Or the ones that had my old phone number for SMS still, even though I thought I'd changed it everywhere.)

In the end, there's still no good system for real security. You're either stuck with a device you might lose (or someone might steal), or stuck with an account that you might cancel (or someone might steal). Or use biometrics which are just not ready for prime time.


I encountered a similar problem the last time I upgraded. There are alternatives to Google Authenticator that offer backups and cloud syncs while maintaining security. andOTP on Android and OTP Auth on iOS. https://play.google.com/store/apps/details?id=org.shadowice.... https://apps.apple.com/us/app/otp-auth/id659877384


> The problem lies in that Google Authenticator is tied to a device, so if you upgrade it or lose it, you’re f’d.

You can save the QR code that was used during setup to repeat the onboarding at any time. You can also use Authy, 1Password, or another service that lets you store the one-time password somewhere else. Or use U2F devices when possible.


I would recommend saving the recovery codes in a password manager app (that is not your browser)


No, Google Authenticator is not tied to a device. It's a standard (TOTP, RFC 6238) and you just need to use an app (perhaps not Google Authenticator, I use a different app myself) that will let you see the numerical code that you need to save somewhere.


It’s tied to the device as in it won’t be part of your backup to a new phone.. you have to manually transfer it yourself which according to you is using another app!

So the likelihood of moving to a new phone without those codes transferred is very high. Not exactly an easy experience.


I still have my Google Account recovery codes in my wallet that I first generated in 2011.


Better not lose your wallet!

When you’re at Google scale, all of these methods have real world flaws.


Yes, it’s called Skack now.


I love the idea of making an approachable version of Ed Jaynes’s classic.


Stop calling it “rideshare”. The driver is not “taking a ride” and “sharing” it with you. They are a paid driver. This is a taxi service — not a carpooling service.


Aren't you sharing the ride with other passengers?


How many Uber rides have other random passengers in it?


Uber pool is pretty popular


Uber pool and uber express. I mostly take these, they are so much cheaper.


You're sharing it with other passengers.

