Kevlin Henney on Nostr:
One of my constant frustrations with many apps (web and mobile) is the constant need to confirm via OTPs, 2FA, etc., that I am indeed me when I'm in the same session for which I've already just done this less than a minute earlier.
Security — as opposed to security theatre — requires a more joined-up approach to architecture. This kind of annoyance highlights potential problems of organisational structure and process in the development organisation, unmanaged technical debt, etc.
Published at 2025-07-31 07:58:55 UTC