by xj9
2841 days ago
this is more of a "using passwords" problem than a "decentralized web" problem. password recovery is a band-aid fix over the real password management problem. i think key-based capability security is the future, but it isn't possible without first moving away from passwords. i think the UX for a completely keychain-centric auth/authz framework can be much better than what we have today with password managers. a master password + device-entangled PINs protecting per-app/agent keys drastically reduces the possibility of getting locked out of your account AND provides for master password reset by unlocking and re-encrypting your keychain using the local device-entangled key.
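The two-slot keychain described in the comment above, sketched as an added example (not the commenter's code): one keychain key is wrapped once under the master password and once under a PIN mixed with a device-bound key, so either slot opens it and the device slot can rebuild the password slot. All function names are hypothetical, `device_key` is a software stand-in for a key held in secure hardware, and `wrap` is a stdlib-only stand-in for a real key-wrap or AEAD primitive.

```python
import hashlib, hmac, secrets

def kdf(secret: bytes, salt: bytes, device_key: bytes = b"") -> bytes:
    """Stretch a password/PIN; mix in the device-bound key when one is given."""
    k = hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)
    return hmac.new(device_key, k, "sha256").digest() if device_key else k

def _stream(kek: bytes, nonce: bytes) -> bytes:
    return hmac.new(kek, b"enc" + nonce, "sha256").digest()

def wrap(kek: bytes, dk: bytes) -> bytes:
    # Stand-in for AES-KW/AEAD (assumption): HMAC keystream, encrypt-then-MAC.
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(dk, _stream(kek, nonce)))
    return nonce + ct + hmac.new(kek, b"mac" + nonce + ct, "sha256").digest()

def unwrap(kek: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    good = hmac.new(kek, b"mac" + nonce + ct, "sha256").digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong secret or tampered slot")
    return bytes(a ^ b for a, b in zip(ct, _stream(kek, nonce)))

def new_keychain(master_pw: bytes, pin: bytes, device_key: bytes):
    dk = secrets.token_bytes(32)  # keychain key; per-app keys derive from it
    kc = {"pw_salt": secrets.token_bytes(16), "pin_salt": secrets.token_bytes(16)}
    kc["pw_slot"] = wrap(kdf(master_pw, kc["pw_salt"]), dk)
    kc["pin_slot"] = wrap(kdf(pin, kc["pin_salt"], device_key), dk)
    return kc, dk

def unlock_with_password(kc, pw: bytes) -> bytes:
    return unwrap(kdf(pw, kc["pw_salt"]), kc["pw_slot"])

def unlock_with_pin(kc, pin: bytes, device_key: bytes) -> bytes:
    return unwrap(kdf(pin, kc["pin_salt"], device_key), kc["pin_slot"])

def reset_master_password(kc, pin: bytes, device_key: bytes, new_pw: bytes) -> None:
    # Forgotten password: open the device slot, then re-wrap under the new one.
    dk = unlock_with_pin(kc, pin, device_key)
    kc["pw_salt"] = secrets.token_bytes(16)
    kc["pw_slot"] = wrap(kdf(new_pw, kc["pw_salt"]), dk)

def app_key(dk: bytes, app: str) -> bytes:
    """Per-app/agent key derived from the keychain key."""
    return hmac.new(dk, b"app:" + app.encode(), "sha256").digest()
```

Because only the 32-byte keychain key is re-wrapped, a reset leaves every derived per-app key unchanged; the PIN slot is only as strong as the hardware that rate-limits guesses against the device-bound key.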