2FA and password managers are a lousy design solution to password security. Just moves all risks upstream into a Grand Unified Metacatastrophe Risk: losing your phone or primary key device. There’s got to be a better way.
Is there no way to distribute the risks so losses are decoupled and localized? I think this situation is due to paranoid people designing DIY systems for normies. Like compensating for bad autopilots in driverless cars with... heavier duty seatbelts.
Beginning to think mass cryptography is the interchangeable parts of the digital age, and its primary impact is inconvenience. Just like the primary impact of interchangeable parts is convenience. Except it is non-interchangeable identities.
“Modern conveniences” was a cliche for describing industrial mass production artifacts like refrigerators and vacuum cleaners. I’ll be using the term postmodern inconveniences for the effects of mass cryptography.
Though I guess once upon a time physical locks were rare too and people left homes open. And today I just locked up our bikes in the new apartment complex bike room with a complex weave of chains and U-locks. Every tech era comes with locks and keys for the stack layer it adds 🤬
In some sense this is a micro manifestation of the broader pattern of technology society: we use tech to facilitate interactions (& scale the domain) that in previous eras would have relied on deep human trust. This separation atomizes humans, and increases fungibility of humans.
We increasingly become the interchangeable parts in other people’s lives.
You find it stark that you need locks for your bike. But your ancestors would have found it odder, by far, that you & your family sleep next to total strangers, separated by thin walls.
My approach has been to use multiple security keys whenever possible. Makes it less likely to be cut off. Of course...
Some sites only support one key.
iOS (and even Android) support is bad.
Doesn’t really solve the “how do I bootstrap access to my password manager” problem.