[hedora]

Air-gapping the machine running a web browser from the machine that stores your passwords seems completely reasonable to me.

So does preventing people from plugging random USB devices into shared machines.

[konha]

Passkeys have a fallback flow where they show a qr code you can scan from the screen of the device you want to log in to. Requires bluetooth though to prove you are "near" the device. I guess that's also disabled on these hypothetical locked down devices?

[hedora]

I can't imagine that working correctly on a machine at a library.

Also, connecting via bluetooth defeats the purpose of air-gapping.

[keep_reading]

And yet all the non-technical folks you give this advice to will look at you like you have two heads. This is completely unreasonable unrealistic user-unfriendly advice

[hedora]

Many people use shared computers at our local library. I can afford a nice quiet office and big monitor at home, but many people cannot.

I imagine they either memorized their passwords, wrote them on a piece of paper, or stored them on an (air gapped from the library machine) cell phone.