|
|
|
|
|
|
by always_good
3022 days ago
|
|
|
The thing you're missing is that you're still at the mercy of the establishment with which you're authenticating. Just like how my 1024-character banking login password doesn't stop my bank from giving someone else my debit card. To suddenly arm a bunch of people with a new authentication paradigm like hardware keys would just result in a lot of people losing them and then having to go through the establishment's reauthentication channels anyways, which are the weakest link in these systems. And the influx of people needing account resets further degrades the security of the channel the same way you stop asking to see IDs when customers are paying with credit during the lunch rush. It's not a free lunch. |
|
|