by fsfasfd 1 day ago
Do you remember when people had to "remember" a password for every service they use? It is better to use a trusted third party. Sure, these third parties are big corporations, but it's safer for most people to have a login that just works, even at the cost of some privacy.

People trying to remember passwords is a pretty bad security situation.

I'm not an expert but so often folks on here throw criticisms without giving credit to some of the merits of solutions. Nothing is perfect, and progress can still be made. :)

2 comments

A password manager can both take care of remembering unique passwords and allow privacy options.
Hard to convince users that they need to be using a password manager if you run a SaaS. Also when things like LastPass getting hacked are on the front page... imagine advising people to use that one! (I'm guilty of recommending LastPass many years ago, before their first breach).
Good luck getting people to use one! Even when they do, the UX is a nightmare.
> it's safer for most people to have a login that just works, even at the cost of some privacy.

Respectfully, I disagree. In a time when all your data is being slurped up and resold constantly, I hate any additional costs to my privacy.

> People trying to remember passwords is a pretty bad security situation.

But that's their problem, not mine. I'm an adult and I use a password manager.

I use a password manager as well. But I think we are in the minority. It doesn't help that Apple Keychain is a confusing mess, however. If these things were designed better from the main providers it would be more widely adopted.

One issue I see all the time (for consumer-level password managers) is that, for example, their browser has a password manager, but Keychain interjects often. Then they don't know where their password was saved. On top of that, Keychain does some magic stuff to pair URLs to passwords, and then there's "Passkeys" built in. When it remembers password(s), passkeys, different URLs (not very human-readable), automatically remembers stuff, injects things: it's a tangled mess.

Go to a coffee shop and ask 20 people of different demographics whether they would prefer to use a password manager app or to log into sites using an existing social or email account. We have to protect the lowest common denominator in terms of technical literacy. Scammers are going after the elderly, so unless you have a solution to protect them, it's not THE solution.