by justsomeadvice0
1066 days ago

> doing basic entropy checks on a user-provided password pretty much solves the issue anyways.

No it does not. Users will find one high-enough-entropy variant of their password, and reuse it across all sites for life.

> Authentication is pretty much a solved problem

Hrm. It might be solved for you and users like you - but it depends on your site's demographics: most internet users on the whole will not know anything about encrypted "password lockers" and "physical Webauthn tokens". Browser-managed passkeys, on the other hand, stand some chance of being easy enough to use while enforcing good security and high entropy secrets, but lack widespread adoption so far.