Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ask HN: Why isn't time more a part of account recovery?
2 points by jmward01 52 days ago | hide | past | favorite | 2 comments
I don't have a blog so I don't have some polished think piece on this, just an honest question to the HN crowd. Why isn't it standard practice to have a 'reset cool-down' or something similar on accounts? I want to be able to say have X + Y = primary auth but backup Z (which is presumably less secure) is allowed only a successful login means a 48 hour cool down before you can fully log in (and presumably fix your primary auth mechanism). I am thinking of doing this for a site but don't see it as a best practice and was wondering why.


I think Google has a similar setup. You have to try to login correctly, wait like 1 or 2 weeks and login correctly again from the same computer.


Same reason we don't have IPv6 everywhere. It's too hard to for most devs to implement it into whatever they're already living with.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: