Then there's not even any use for passwords. Just recovery mechanism.
Replying to @RichFelker @frioux
Workflow should look something like: I click amazon product link, get a new tab in anonymous context. Decide I want to buy or add to list...
Replying to @RichFelker @frioux
Click sign-in button on browser toolbar. Browser tells me either I don't have sign-in for this site (maybe it's fake/I never used it) or...
Replying to @RichFelker @frioux
...tells me I've visited it 268 times before and can switch to signed-in (start showing it my cookies). No passwords anywhere.
Replying to @RichFelker
Sounds great. Requires incredible change in both browsers and websites. Not something I can start doing in my organization any time soon
Replying to @frioux
There are lots of things that can be done now, but which are possible depends on what role you're in.
Replying to @RichFelker
Sure. Fwiw our sessions last effectively forever, but we do run into phishing problems often where con artists try to scam our customers. Incredibly hard to fix this via training of the users.
Replying to @frioux
Including in emails "Reminder: we will never prompt you for your password except when you go to the main page and click login..." can help.
Replying to @RichFelker
Though fwiw I think 2fa is a better option for staff, since training doesn't seem to work very well.
Replying to @frioux
2FA works well in controlled enterprise type environment. Awful for personal users out in chaotic world.
1 reply 0 retweets 1 like
But either way it does nothing to kill off the awful "password culture" that's the source of phishing.