• nul9o9@lemmy.world
        link
        fedilink
        English
        arrow-up
        19
        ·
        1 year ago

        I assume they mean there are no account credentials. When you “create” an account on their website, you’ll be given a random account number, and no password.

        • killeronthecorner@lemmy.world
          link
          fedilink
          English
          arrow-up
          14
          ·
          1 year ago

          Yeah this is what I meant. It feels so wrong but also makes complete sense.

          I think I’ve gotten used to the “safety” of setting my own password and always typing it with my email or username.

          But practically speaking they’re very similar and Mullvad’s is arguably safer

          • GenderNeutralBro@lemmy.sdf.org
            link
            fedilink
            English
            arrow-up
            4
            ·
            1 year ago

            I think of it more as “no username, only password”. Realistically, usernames are not expected to be secure or private, so this is effectively the same.

        • Obinice@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          What’s to stop somebody guessing your account number and gaining access? (Honest question)

          • nul9o9@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            There are lots of possible account numbers, much more than there are accounts. So there is a very small chance that you will guess an active paid account.

            And if you do, there’s not much you can get out of it. There’s no personal information tied to the account.

    • sixCats@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      I am surprised that they don’t provide UUIDv4’s, feels like what they provide is somewhat guessable

          • killeronthecorner@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Nowadays, not so much. In the previous decades before password managers, card vaulting, apple pay and so on: yes, if you were typing it in or writing it on forms frequently, it wasn’t uncommon to just memorize it.

            My point though was that there is a limit to our ability to remember long and random alphanumeric strings, and I find credit card numbers to be that limit. UUIDs are longer and have a much bigger character set.

            • trashgirlfriend@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              I never put my cc in any password manager, but I also mostly just use it for online payments where I don’t mind taking out the actual card to type the number in

    • PixxlMan@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      To be fair, would it matter if someone got access to your account key? There isn’t really any data on your account is there (isn’t that the point)? It’d just let you connect to the VPN

      • killeronthecorner@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        They can use your secondary connection for free. It depends if that bothers you or not. If you’re already using both it could lead to disruption on your part I guess? Not 100% on that though