Re: It has to be said
The master password situation might be solvable via solo dice keys
which will allow you to create a permanent cryptographic unguessable key based on a literal roll of dice. No worrying about remembering your master pw then. AS for the dice set? Well, don't lose your security key should become the norm along with don't lose your damn keys in the first place.
These guys know what they're doing, especially considering the solo key itself. Open source unlike Ubikey, and excellent security, definitely on the verge of passwordless login - problem? The number of sites actually adopting fido2 is pathetically low. Even Paypal, part of the goddamn fido alliance, does not have fido2 implemented, and they only allow 20 character passwords. If they were to allow it, my password would be 60 characters at least. As such I am relegated to one 3 times less secure (a brute force for a 20 character pasword certainly is no overnight effort, but it can be far easier than a password three times its length. If my Paypal were to get hacked in any way not caused by clicking on a phishing link or anything that I specifically would have triggered, that might be a valid negligence charge 9both on cause and effect and proximate cause principal).
Moral of the story? Sites need to get their ass in line nad adopt fido2. Stop trying to spare the feelings of the customers who don't want to spend $20 now to avoid many potential phishing damages down the line.
-- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector