Others beat me to the punch on saying this is just worse WebAuthN, but there are some specific flaws that boil down to saying that this whole thing is, at best, totally inconsiderate of real attack vectors such as phishing

Online Login: On supported platforms, log in with your ‘Sign’ rather than your email address. The service checks for a corresponding email in their database that produces the same hash with the chosen algorithm/options. Services can eventually replace emails with ‘Signs’ for regular users.

Enhanced Privacy: Limits the need to share email addresses, reducing spam and data breach risks.

Huh? What does this even mean? How can you avoid sharing your email and replace it with a sign, if they need to check it against their database of… Emails?

Real-Life Usage: In physical stores, use your QR-art ‘Sign’ when asked if you have an account/booked at table.

Ah excellent. Someone can just look at a security camera or just snap a photo over your shoulder and steal your sign then. Because your proposal sure doesn’t note any way that these are 1-time use only. And if they were, this sounds like an awfully inconvenient way of receiving a temporary number (which sites usually only ever do as a cheap/bad 2FA method/password resets)

Email Verification: Receive a unique link via email, confirming your email’s validity.

Oh boy, better make sure to not get phished! Or that the link is 1 time use! Or that you aren’t being victimized by a MITM attack and getting it intercepted immediately!

This sounds like a less secure passkey.

Edit: Passkeys use WebAuthN

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 57 users / day
  • 383 users / week
  • 1.5K users / month
  • 5.7K users / 6 months
  • 1 subscriber
  • 3K Posts
  • 75.4K Comments
  • Modlog