2FA and password managers are a lousy design solution to password security. Just moves all risks upstream into a Grand Unified Metacatastrophe Risk: losing your phone or primary key device. There’s got to be a better way.
Replying to
Is there no way to distribute the risks so losses are decoupled and localized? I think this situation is due to paranoid people designing DIY systems for normies. Like compensating for bad autopilots in driverless cars with... heavier duty seatbelts.
Beginning to think mass cryptography is the interchangeable parts of the digital age, and its primary impact is inconvenience. Just like the primary impact of interchangeable parts is convenience. Except it is non-interchangeable identities.
“Modern conveniences” was a cliche for describing industrial mass production artifacts like refrigerators and vacuum cleaners. I’ll be using the term postmodern inconveniences for the effects of mass cryptography.
Every opsec geek has a great solution: for opsec geeks. We need a solution for somewhat careless mediocre types.
Password managers, YubiKeys, 2FA apps: the earliest postmodern inconveniences.
Your online identity is a thing you own like a car or home. Comes with all the maintenance hassles but no guaranteed capital asset type value.
Though I guess once upon a time physical locks were rare too and people left homes open. And today I just locked up our bikes in new apartment complex bike room with a complex weave of chains and U-locks. Every tech era comes with locks and keys for the stack layer it adds 🤬
Replying to
For the average person, their highest risk is reusing passwords everywhere and having a Grand Unified Metacatastrophe when one of those sites gets hacked.
Password manager (w/ rand pw's) reduces this risk to zero. Likelihood of pw manager compromise is much lower
Replying to
The cost of that risk mitigation is maintaining a bit of high-stakes infrastructure in personal life