After talking this through with many non-technical people, I have come to the opinion that the shame is ours. Why do we keep pushing this patently unsafe authentication mechanism? It should never have been allowed in the first place, but now with hardware keys readily available there really is no more excuse. I understand there is a first-mover disadvantage to disallowing password-only auth, but that’s on us. Our collective timorous prevaricating is to blame for the misuse of passwords by end users. Because, unlike them, we do know better.
It's a shame that operating systems exist with no functioning system-wide API for authentication, let alone storing passwords.
That would change things.
Just look at how Apple now inserts long random passwords in registration forms and immediately saves them. That's how users will use secure authentication. By helping them, not telling them to do better on their own.
Backups. Either in backing up the data, or in enabling several tokens for the same service.
The problem is that the first one is frowned upon for good reasons (but maybe not as good as they seem), while nobody supports the second one. So, yes, currently depending on hardware keys is dangerous.
The same as real keys: you make a copy. If you don’t, you have to call someone to get it fixed, which is an expensive hassle. It’s an intuitive model that everyone already groks. No fragile user re-education necessary.
And when the fingerprint database is stolen and shared with multiple adversarial parties? They now have your password and it's gonna be hard to update / change yours.
This happened with the OPM hack and a big one in India or Indonesia or something not too long ago, I think.
Go to some random video chat, and record the reactions when you offer full data on some plain nothing-to-hide person, then show that to those with nothing to hide.
In my experience there is a realization that it's not about hiding your data, it's about hiding from a particular type of netizen that amplifies to an extreme.