this post was submitted on 21 Aug 2024
1 points (51.6% liked)
Firefox
17952 readers
149 users here now
A place to discuss the news and latest developments on the open-source browser Firefox
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
No, logins should be harder in order to be secure. Hence the addition of 2FA (which is also incompatible with your proposal).
As developers, we strive to make things more secure, not less, and unfortunately, good security always comes with the trade-off of less convenience for the user (larger entropy passwords, session expiration, captchas, etc).
Now, of course, it depends on how sensible the data in that account is. I wouldn't want this for my email account, for example, or online password manager, which are the entry gates to all my other accounts. The Kagi search engine offers the possibility to login on another device via a session URL which you can copy-paste. And this is fine, if the site / app clearly states the dangers, implemented it securely, tracks and lists the sessions and allows you to invalidate a session for all devices, and you are fine with potentially disclosing the data for that account (forgetting to log out, or disclose the session URL somewhere) - which is not much, as they don't log the searches, only the daily counts. And their use-case makes sense, people aren't used to authenticating in order to search something on the internet.
So, this should be an optional feature offering from the website / app, not built-in in the browser which would make it trivial to be abused by anyone.