Comment by harshaw
2 days ago
My problem is that there is a reauth FOMA that gets copied with the most trivial of applications. A good example is the Electrify America charging app. Its job is to be available so you can charge. But they log you out frequently - and they want to do second factor with email. Guess what - that doesn't always work. My wife was trying to charge the other day, was logged out, and couldn't get the email verification to go through. So I had her log in with my credentials and I answered the email verification and gave her the token over the phone. Super annoying.
But more importantly, mobile phones already have good security mechanisms. It's like all these shitty apps copied web-based auth mechanisms with timeouts when they could do something better (and probably are built on web technologies with cookies instead of using the trusted store on the phone).
There are precious few apps out there that tell you ahead of time that reauth is happening (Zoom does this - kudos). But even so - I don't think it's necessary most of the time.
I don’t need to charge often, but I’m logged out of every single one of my charging apps for that reason. They kick me out constantly.
If you want me to auth to make a payment when starting a session, fine. I’ll hate you, but whatever.
Nope. Can’t even get into the app. Want to see where their stations are? Too bad. Sign up, sign in, or hit guest mode and prepare to be annoyed.
I can stay signed into Amazon with a credit card set up for years at a time.
God forbid I ever want to charge a car.