On Mon, 2014-09-01 at 15:39 -0300, Martin Albisetti wrote: > Leaving aside 2FA as the answer, as it's clearly not widely adopted > (for its complexity?), what can we do to make this a bit better in our > platform? > Can we confirm purchases and other tasks that are frequently used > somehow differently than with the account password, and encourage > (and/or force) better passwords for the general account? > > To try and reduce the scope of the discussion, I'm mostly looking for > proposals that would be implementable in the short or mid term, rather > than changes that would require 6 or more months to implement across > the platform (which we may need to, but I wouldn't want to start off > that discussion here and now). > > > Any other ideas?
Unfortunately, I'm having trouble thinking of anything that wouldn't require significant work on the client side, and that doesn't involve just sending users through a complex process of going to the web site. Requiring a 2FA code (without logging in, but just using the one-time passcode as a PIN), or a PIN, will require the user to actually configure that after registering or logging in, making the process a bit more complex. -- Mailing list: https://launchpad.net/~ubuntu-phone Post to : [email protected] Unsubscribe : https://launchpad.net/~ubuntu-phone More help : https://help.launchpad.net/ListHelp
