[JohnFen]

> we had (and still have today) all the technology required to build genuinely secure systems.

True, but if we actually did that, it would make those systems very unpleasant to use. The age-old tradeoff of security vs convenience is still as much a force today as is always has been.

Having technically the tightest possible security is not always the right answer. The right answer is whatever balance people are willing to work with for a particular use case. There's a reason that most people don't secure their houses by removing all windows and installing vault doors.

[j5155]

I’d disagree that there has to be a trade off at all. Using hardware security keys or device based passkeys, secure authentication is actually pretty convenient now.

[JohnFen]

I disagree that hardware security keys or passkeys are more convenient. I ditched them because they greatly complicated authentication for me.

[j5155]

Interesting; I have had the opposite experience. Many websites will directly enroll my Yubikey and will even let me use it instead of a password, and logging in is as simple as touching the button at the prompt. It’s honestly much simpler then using a password for me, and MUCH more convenient then pulling out my phone for 2fa codes (especially for the university site’s painfully short session times)

[tessierashpool]

yeah, the assertion is entirely false. there doesn't need to be any such tradeoff.

there's probably a term for the cognitive fallacy where you assert that however it happens to be is how it had to be. it's like normalcy bias, but retroactive.

[JohnFen]

> there doesn't need to be any such tradeoff.

Maybe you're right. I've certainly heard others make this claim. I just personally haven't seen a real-world example of this being true.