Npm can't force people to use password manager

diggan 5 days ago | parent | next [-]

Nor does TOTP+password lock you to one authentication provider indefinitely. Tradeoffs :)

maltee 5 days ago | parent | next [-]

You can always register a new passkey with the site if you want to switch authentication providers, can’t you?

	▲	diggan 5 days ago \| parent [-]
		Yeah, I guess that'd work if I had a couple of accounts, but since there a bunch of them, I really need proper import/export to feel comfortable with moving to it. I just know I'd punt the task of migrating everything if I have to go account-by-account to migrate away. Considering that today it'd add work for me today, and future work, with no additional security benefits compared to my current approach, it just don't seem worth it.

vel0city 5 days ago | parent | prev [-]

I've got passkeys from multiple "authentication providers" available on all of my devices. This isn't a tradeoff.

ljlolel 5 days ago | parent | prev [-]

You can if you just force passwords longer than people can memorize or even want to write down (assigned 24+ characters)

	▲	koakuma-chan 5 days ago \| parent \| next [-]
		It's just gonna be on a sticky note hanging on the screen or under keyboard
	▲	hu3 5 days ago \| parent \| prev [-]
		careless people just copy paste those