Conversation

2FA and password managers are a lousy design solution to password security. Just moves all risks upstream into a Grand Unified Metacatastrophe Risk: losing your phone or primary key device. There’s got to be a better way.
14
88
Is there no way to distribute the risks so losses are decoupled and localized? I think this situation is due to paranoid people designing diy systems for normies. Like compensating for bad autopilots in driverless cars with... heavier duty seatbelts.
1
11
Beginning to think mass cryptography is the interchangeable parts of the digital age, and its primary impact is inconvenience. Just like the primary impact of interchangeable parts is convenience. Except it is non-interchangeable identities.
3
9
“Modern conveniences” was a cliche for describing industrial mass production artifacts like refrigerators and vacuum cleaners. I’ll be using the term postmodern inconveniences for the effects of mass cryptography.
1
8
Your online identity is a thing you own like a car or home. Comes with all the maintenance hassles but no guaranteed capital asset type value.
2
22
Though I guess once upon a time physical locks were rare too and people left homes open. And today I just locked up our bikes in new apartment complex bike room with a complex weave of chains and U-locks. Every tech era comes with locks and keys for the stack layer it adds 🤬
2
16
Replying to
Sadly that pretty much is 2FA. Although, well, actually it's just 2FA on your primary email account (and not listening to "opsec geeks" although maybe to people who have to do actual opsec)
Quote Tweet
I tell folks that if you do NOTHING ELSE to secure yourself, make sure your primary email account has a strong passphrase that you don't use anywhere else, and turn on two-factor authentication, any kind, doesn't matter. With that, you're so far ahead of the game, it's unreal twitter.com/j_opdenakker/s…
Replying to
Less highly personal information spread across communal uses. Why does the app for your refrigerator need a password? Why does it need to confirm it is you with high confidence? Why does it need all of the information it collects?
1