Hacker News new | past | comments | ask | show | jobs | submit login

The next time you forget a password and need to reset it, how likely are you to be willing to wait three days?



> The next time you forget a password and need to reset it, how likely are you to be willing to wait three days?

10 minutes like others suggested is way too short that said: this wouldn't catch attacks happening at night.

But to answer your question: it really depends what it is that you are protecting. For most sites I use by very far I don't see how 72 hours without access would be that problematic. Not logged in to StackOverflow for 3 days? Not a problem. Not logged in to HN for 3 days? Not a problem. Not logged in to Twitter for 3 days? I can live with that. Etc.

The question is: how much convenience are you willing to trade for security?


Ten days is better than forever, FWIW, which is something that many websites do.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: