by TacticalCoder 964 days ago
> It might possibly be a bad idea for everyone to consolidate all of the credentials and all of the auth flow mechanics for all of the things to a small handful of companies.

People have long lost the difference in meaning between "security" and "convenience". They now believe the two are interchangeable.


> People have long lost the difference in meaning between "security" and "convenience". They now believe the two are interchangeable.

Not sure they're wrong. There are so many IT departments and websites that force dumb practices which are detrimental to both: frequent password changes, required low-entropy recovery question options, etc. And then on the other side, some really convenient flows with reasonable security, e.g. streaming apps that show you a short temporary credential you can copy from your Roku's screen to your signed-in computer/phone rather than requiring you downgrade your permanent password to something easier to enter on the Roku keyboard. So while fundamentally you're right that "security" and "convenience" are in tension, in practice I think the bigger factor is competence and care of the dev and admin teams.

In the real world they often are—complicated-but-secure processes usually lead to workarounds that are worse than if you had just planned for convenience from the beginning. The classic example of this is the sticky note with the password on it.

Securing a large organization populated by regular human beings is extremely difficult, and is an exercise in balancing theoretical security with convenience.

I don't know how many people believe the two words are interchangeable (vs balancing factors), but one of your worst security nightmares could be when your employees fight against your security team. Making things inconvenient is one way to have it.

I’ve never met anyone who has made this conflation.

Okta and 1Pass are incredibly well designed and the companies do all of the right things when it comes to security and audit processes.

On the topic of security vs convenience, for someone looking to migrate from Lastpass as conveniently as possible, what are my options now that this event has occurred?