i think these days the best practice for mobile apps re retention (other than sso or passkey) is to just ask for an email, then from the validate link continue with register
reason being that more steps to register means more ways people are likely to drop out of the flow, and this is basically about as short as it can be
when the user has validated their email, then they’re more invested so they are more likely to complete
that also fits nicely with what we’re talking about with good security
that was certainly in the back of my head the whole time… policy flip flop and lack of long term planning in modern politics is pretty much the norm anyway… but i think to encode that into a kind of standard way of operating is perhaps not a good thing… adding an extra layer that’s hard to undo before fixing the core problem is how the US got to where it is now
as an aussie that has a parliamentary system, and in that system has had a period where we frequently ousted the PM, it’s not that great of an idea
you want governments to be able to plan for the long term. really, even 4y is not great for long term planning because it kinda implies you need to show results before the term is up
we had a bunch of policy flip-flops during that period, which is very inefficient
i guess it doesn’t really matter if you get 2y no matter what: there’s no more after your 2y, but i think that’d lead to leaders doing a bunch of the “fuck it” last term stuff because they have no reason to make a good impression for their potential reelection
the french revolution was famously not about porcefully taking power from those in power
“not actively harmful” and “notionally the bare minimum” are pretty low bars and i’m glad that, for once in modern memory, mozilla cleared them
either… some apps have just started to do single factor login with just email, profile options can be optional, if there are required fields or terms of service to agree to then that can come after email validation