by effisfor 1429 days ago
Thanks for this. Related to it, does anybody have any resources showing the state of the art for a non-tech audience to remember client-generated private keys?

What are the options? Password manager (most people I know don't use one), browser keychain (no guarantee of sync between user devices), WebAuthn (same problem), IndexedDB or localStorage (both can be purged, again, no sync).

Unless I'm missing something, I feel this is a problem worthwhile solving as a community; it would unlock a lot of utility/privacy for the average web user.

Would love to hear any more qualified takes on this.

3 comments

Or base64 encoded as a document anchor in the URL, like zerobin. This relies on bookmark storage (so, you start to worry about shredding such a key).

IMO the recent announcement of synced WebAuthn platform authenticators that’ll be supported by major platforms is probably the closest thing, at this point.

Thanks for this, I looked up the recent Google I/O announcement, it had passed me by. iOS/macOS has it in beta too, so you're right, we're getting close to half the problem improved.

Derive the key from password.