Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Many sites like Google including my banking sites send me an email when a new IP / location is used for login.

This alerts if there is a sudden login without my knowledge and one click to disable.

23&me could have definitely done that to alert logins.

It is 100% on 23&me even though used id/passwords were used.

Genetic data is by definition extremely personal.



It's exposed as "new IP" to the end user but it hides a lot of logic about ISP IP address pools for specific regions, behaviour of other devices, etc. For someone like Google, that's easy to pull off, as a lot of people use it, and people use it daily. But it's harder to get this technology for someone like 23andMe where people log in less often, and its product has low penetration of internet users.


Just do it all the time then? If it's infrequent it's also not much of an hassle.

GoG and Steam do "email 2fa" and while it's annoying they do it anyway as they are a "risky" target, IIUC.


> Many sites like Google including my banking sites send me an email when a new IP / location is used for login

All of whom I already mentioned in the comment you are responding to




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: