by hannofcart 607 days ago
This is fair, though in my answer, I wasn't answering the question from the perspective of applicability for a general audience.

For a general audience, even Bitwarden doesn't pass the "grandma check". If you've used Bitwarden for a while you have probably been met with a stern warning about "KDF Iterations too low".

So I pitched the answer assuming "able to use Bitwarden" as a base level of tech savvy.

Also, seeing as I am on HN, I assumed the following:

1. Security matters, even if it comes at a slight cost in convenience

2. User can figure out their own syncing mechanism

1 comment

That's totally fair and I actually do agree.

I'm willing to give up convenience for security. But I do like to stress that we should try to have both as much as possible. It's a thing that is often forgotten and many times matters.

I'd definitely agree that it's not a big issue here, as password managers are more personal, though my general frustration is with things like communication where I need the other person to also be willing to make the same compromises. Though back with password managers, I do need things that at least pass the parent test (retiree but not old folks' home) because their information leakage leads to my leakage regardless of my actions. So I still do think it's worth turning up the heat to push things this way.

A different point (which I'm not trying to argue but point out) is that we also need to recognize momentum and the challenges it brings, especially to the less tech-savvy. We can jump ship easily when tides change because we know how to sail on our own, but what about those that don't? I am sympathetic to those who think we just jump ship to ship, because even when they follow, when they look back it looks like everyone is fine. I think it's a really unfortunate issue and I think a much more difficult challenge to solve. I'm not sure if anyone has any ideas. OSS only makes it easy to jump ship, but it doesn't reduce the need to jump in the first place.