DEV Community

Discussion on: Passwordless authentication for your website in 5 minutes!

 
Arnaud Dagnelies

Indeed, the simpler it is, the better. I've also considered a "link google/microsoft/... account" kind of button, it was just lower on the priority list than a plain link sent per e-mail which covers a broader use case for both recovery and registering another device. The QR code is just a bonus since it is just another representation of the URL.

Also, users are diverse. Even if we want to cater for older people too, there is no reason to neglect the younger generation. After all, scanning a QR code to add a device is simply convenient.

I hope that all the "clueless people" you talk about have a little sense for security though. Otherwise, they will fall victim to phishing, social engineering, password reuse or other account takeover attempts. Especially if they are lazy and did not register a phone number, they are vulnerable. So isn't it a good thing for "not technology affine" people to offer them secure accounts by default, at the price of having them add another device or register a phone number?

Lastly, regarding convenience, isn't it annoying to have to redefine your profile on every website you visit, and put in your address again if you buy something on a new website or travel somewhere? With passwordless.ID, you'd have a central place and websites just ask for your data instead of filling forms each time again.

So, yes for convenience, and yes for making it as simple as possible. I'm actually putting some effort and thought into that, without sacrificing security either. The "link it to other accounts" also makes sense in the future, even if it's just to grab the email and some profile information.