DaiPlusPlus 5 days ago

> Now everyone thinks they are the next Experian and tomorrow a million hackers are going to attack and steal everyone's private info.

But this is demonstrably the case today... I don't think I've gone a week without hearing about some major data-breach.

...my own org got h4x0red a few months ago: our CEO didn't have 2FA enabled on his God-tier global-admin-rights OIDC/SSO login and somehow, someone found our internal login page, had a snoop around, found our Twilio account keys and sold them off to some spammer who then sent spam texts to our customers (fortunately our (immutable) access logs showed there was no further intrusion, but it was still an incredibly unsettling experience considering how uninteresting and un-sexy my SaaS day-job is).

...so if it can happen to me, a random fellow HN troglodyte, then it can happen to you; or the hospital down the street from my old office[1].

In conclusion: we're doomed.

[1] https://therecord.media/seattle-fred-hutch-cancer-center-ran...

ndriscoll 5 days ago

Except in the real world almost every gym I've used just gives you a keychain barcode with your account number and it works fine. You scan in and it checks whether you're current. Maybe shows your picture to a front door attendant on their computer. No complicated cryptography required.

A gym requiring an app would be a hard no from me. I don't know why anyone (especially technical) would put up with that.

kassner 3 days ago

> I don't know why anyone (especially technical) would put up with that.

Answer from someone that has to put up with that: other gyms are significantly harder to get to (distance) and it’s already hard enough to get motivated to go. My options are shitty app or no gym.

Not everything is technically perfect and sometimes your only option is to put up with the stupidity of other developers/product managers.