Opaque types in JavaScript: https://codemix.com/opaque-types-in-javascript/
Shows a nice compromise between wrapper types (stronger type guarantees) and primitive types (lots of functions already defined on the type).
Related Posts
SMS 2-factor authentication isn't super secure because it's too easy to call a phone provider and do a SIM swap.
It seems like a dedicated smartphone app is significantly better here? It's just as convenient for the user, but harder to compromise.
As blog comments become increasingly less fashionable, I've often seen people write "email me instead".
Perhaps there's a compromise between these? A website could have a comment box that emailed the author. This minimises friction for commenters, but avoids spam on the site.
I'm coming round to the view that services should avoid implementing their own username and password system. It's easy to screw up (cf. crypto) such that a DB compromise leaks users' passwords for other sites.
It's also more convenient for users, who don't need a pw manager.