tech giants: let’s push to get rid of passwords and use tech so people can sign in through their phones!
me: i only see negatives!

i mean firstly not everyone has a phone and you’d be locking anyone who doesn’t out of everyone

secondly how can you use your phone as 2fa if it’s your only authentication

thirdly passwords can be really secure the issue here isn’t get rid of them it’s get people to use a password manager. this is like. “public transport is bad because the train platforms are dangerous, so we are gonna get rid of public transport altogether”

and ofc there’s the whole privacy thing because it removes your ability to not have all your accounts connected together, wanted an account to not be known as yours by tech giants? shucks sorry not allowed

techpost, security 

@foxes they should just use vendor-neutral TOTP standards so we can use any 2fa approach we want.

the goal is to combine "information you have" with "object you have".

If this is in response to the GitHub announcement: I'm pretty sure they let you use other TOTP approaches like a Yubikey or alternative TOTP app. You don't need to use a phone number.

techpost, security 

@Seirdy
GitHub supports RFC 6238 (TOTP) for 2FA, and the KeePassXC browser extension works well with TOTP. Just sayin'.
@foxes
