rsanheim 9 days ago

The worst part about this is it just further reinforces horrible habits and expectations.

Using a modern password manager, like 1Password, is _easier_, safer, and faster than the stupid email-token flow. It takes a little bit of work and attention at first to set up across a couple of devices and verify it works... but it's really about the same amount of effort as keeping track of a set of keys for your house, car, and maybe a workplace.

If you make a copy of a door key when you move into a new place, you test the key before assuming it works. Same thing with a password manager. Save a password on your phone, test it on a different device, and verify the magic sync works. Same as a key copier or some new locks a locksmith may install.

Humans can do this. You don't need to understand crypto or 2FA, but you can click 'create new password' and let the app save some insanely secure password for a new site. Same with a passkey, assuming you don't save to your built-in device storage that has some horrible, hidden user interface around backing that up for when your phone dies.

And the irony is the old flow just works better! You let the password manager do the autofill, and it takes a second or two, assuming there is an email _and_ a password input. Passkeys can be even faster.

vpribish 9 days ago | parent | next

That little bit of work and attention is too much for most people.

I'm as frustrated about this as you are, but there is a large class of people who will not or can not understand and implement the password-manager workflow.

Of the people I know who are not in a tech career, I'd say about 80% have nothing but contempt and ignorant fatalism toward security. The only success I've had is getting one older relative to start writing account credentials down in a little paper notebook and making sure there are numbers and letters in the passwords.

ThunderSizzle 6 days ago | parent | prev

> Using a modern password manager, like 1password, is _easier_, safer, and faster

LastPass got hacked a few years ago and the few passwords my wife had on it were pwned immediately. These cloud companies lost my trust after that.

I'd only trust offline password managers, e.g. KeePass. Never let me down yet.