ubuntu-phone team mailing list archive
-
ubuntu-phone team
-
Mailing list archive
-
Message #09738
Re: Ubuntu One SSO Password and App purchases
On Mon, 2014-09-01 at 15:39 -0300, Martin Albisetti wrote:
> Leaving aside 2FA as the answer, as it's clearly not widely adopted
> (for its complexity?), what can we do to make this a bit better in our
> platform?
> Can we confirm purchases and other tasks that are frequently used
> somehow differently than with the account password, and encourage
> (and/or force) better passwords for the general account?
>
> To try and reduce the scope of the discussion, I'm mostly looking for
> proposals that would be implementable in the short or mid term, rather
> than changes that would require 6 or more months to implement across
> the platform (which we may need to, but I wouldn't want to start off
> that discussion here and now).
>
>
> Any other ideas?
Unfortunately, I'm having trouble thinking of anything that wouldn't
require significant work on the client side, and that doesn't involve
just sending users through a complex process of going to the web site.
Requiring a 2FA code (without logging in, but just using the one-time
passcode as a PIN), or a PIN, will require the user to actually
configure that after registering or logging in, making the process a bit
more complex.
References