by beatgammit
2405 days ago
Before pushing stuff like TOTP, we need to get everyone on board with using a password manager correctly. I use one and it's a quality of life improvement as well as a security improvement. I only have to remember one password, and I have all of my credentials on my phone and my browser. It's set to automatically lock after some minutes, so I'm secure most of the time. I just checked and I have over 100 passwords in my password manager, and there's no way I would be able to have a unique password for each one and remember them all. It's a bit of an "eggs in one basket" situation, but given that people tend to use the same password everywhere, I see it as strictly a step up since it's much less likely for your password manager to be compromised (targeted attack in most cases) than for a site to be hacked. Once everyone is using password managers consistently, then we can start to talk about TOTP and other 2FA tools, and at first only use it to secure the password manager. Once we solve the password manager problem, most other problems go away. You don't need to reset passwords if you have it in your password database (your computer won't forget it). You don't have to come up with passwords that match some arbitrary set of requirements; you let your computer do that. If you get recovery codes, stick them next to your passwords in your password manager. If there's a breach, your password manager can likely tell you which accounts are affected, and you can just change those instead of every site that you use that password on. So yeah, 2FA is nice, but improving how people use the first factor is far more important and actually makes people's lives easier.