HN Poll: How strongly do you feel about having an email-free signup experience?

4 points by badrabbit ↗ HN
HN,

On a scale of 1 to 10,where 1 would be you completely hate the proposal and 10 is you absolutley like it, what do you think of this signup experience for your favorite services:

- Email is required at the registration page, but the user can uncheck a checkbox to waive the requirement.

- In order for a user to waive this requirement, a second factor of authentication (one time codes or a FIDO device) must be enabled.

- Account recovery, including for the second factor of authentication must be done using accoint recovery codes supplied to a user during registration. The user is advised to write down and/or store the codes in a secure location.

- At anytime, the user can provide an email address and optionally turn off two facor authentication.

Why?

- Email is not a good way to avoid spam bots (not in 2020 where it's cheap to rent captcha bypassing bot farms).

- If a user's email is compromised, all accounts that depend on email account recovery can also be compromised. Transfering risk this way in 2020 is bad engineering.

- Anonymous email services exist but they all eventually get banned by services, many of them also require phone or email addresses to use them and the ones that don't require credir card payment (not exactly anonymous)

- Services should respect the wishes of their users.

- I have tried every single free email provider while using a VPN. All of them required me to give up my phone number (now I have to get a burner phone!)

- Most people who dislike having to give up their email adresses don't know how to jump through all these hoops like a criminal just to use a service.

- For the service, there are people like myself that were stopped from signing up for a lot of services simply due to a phone or email requirement. This makes no sense given how email does not help much by itself with preventing fraud and it actually reduces account security!

How do you feel about this?

3 comments

[ 3.0 ms ] story [ 15.5 ms ] thread
ProtonMail doesn't require a phone number, does it? Or even Yandex might be an option if you just want a persistent email address distinct from your regular ones, and you don't necessarily care if it's secure or not.
Both did when I tried them while connected through protonvpn. Not sure about yandex but proton requires credit card payment or phone number even wihout a VPN IP. I use to use yandex a few years ago, they let you sign up now but if you don't give phone number or recovery email at sign up, emails won't show up at your inbox and the ones you send will silently not be delivered.
Why enforce the second factor authentication?

The main reason that I wouldn’t want to be using an email address is because I want the account to be disposable.

Just make it that if I don’t have a second factor for recovery, there is no recovery.