OCamlot - Whole-known-network

<a href="https://mastodon.social/@whitequark" class="u-url mention">@whitequark</a> <a href="https://hachyderm.io/@dalias" class="u-url mention">@dalias</a> <a href="https://orbital.horse/@emma" class="u-url mention">@emma</a> <a href="https://mastodon.social/@mcc" class="u-url mention">@mcc</a> - there are people who demonstrably cannot maintain continuity of access to a passkey vault; they require password-based access to services they use- these people are often in desperate and vulnerable situations- higher-security mechanisms like passkeys (and MFA) should *usually* not be mandatory, in part to accommodate such people- in certain scenarios, where higher security is required, requiring them is reasonable, which means those people get excluded

Posted on 31st of Dec 2024

Glyph glyph@mastodon.social

<a href="https://hachyderm.io/@dalias" class="u-url mention">@dalias</a> <a href="https://mastodon.social/@glyph" class="u-url mention">@glyph</a> <a href="https://orbital.horse/@emma" class="u-url mention">@emma</a> <a href="https://mastodon.social/@mcc" class="u-url mention">@mcc</a> fwiw I'm kind of in betweent these positionsGitHub or whatever is where development takes place frombut also, GitHub is where probably millions of people people grab .exe's from and run them unsandboxedI wouldn't want to be the vector through which someone else gets their life fucked

Posted on 31st of Dec 2024

Catherine whitequark@mastodon.social

<a href="https://mastodon.social/@whitequark" class="u-url mention">@whitequark</a> <a href="https://hachyderm.io/@dalias" class="u-url mention">@dalias</a> <a href="https://orbital.horse/@emma" class="u-url mention">@emma</a> <a href="https://mastodon.social/@mcc" class="u-url mention">@mcc</a> sorry I may have made too big a logical leap here, let me back up

Posted on 31st of Dec 2024

Glyph glyph@mastodon.social

<a href="https://mastodon.social/@glyph" class="u-url mention">@glyph</a> <a href="https://hachyderm.io/@dalias" class="u-url mention">@dalias</a> <a href="https://orbital.horse/@emma" class="u-url mention">@emma</a> <a href="https://mastodon.social/@mcc" class="u-url mention">@mcc</a> (this seems like a jarring strawman to me)

Posted on 31st of Dec 2024

Catherine whitequark@mastodon.social

<a href="https://hachyderm.io/@dalias" class="u-url mention">@dalias</a> <a href="https://mastodon.social/@glyph" class="u-url mention">@glyph</a> <a href="https://mastodon.social/@mcc" class="u-url mention">@mcc</a> presumably, yesas should hopefully be clear from my choice of Amazon for the example, I am not attempting to defend them. they suck!but in the real world where I may need to go to "Amazon dot com" to buy "food" so I can "not die" while I am "in extreme pain" this is a problem that can fuck me over really badly, and probably at some point will(afaik I've never got phished, but that's a "yet")

Posted on 31st of Dec 2024

Catherine whitequark@mastodon.social

<a href="https://hachyderm.io/@dalias" class="u-url mention">@dalias</a> <a href="https://mastodon.social/@whitequark" class="u-url mention">@whitequark</a> <a href="https://orbital.horse/@emma" class="u-url mention">@emma</a> <a href="https://mastodon.social/@mcc" class="u-url mention">@mcc</a> and at some point, you do have to just start discriminating against people. I think that unhoused people and refugees in camps need to be given dignity and respect and resources, but I also do not think that we should lead with giving them all administrative force-push access to the repos for openssh

Posted on 31st of Dec 2024

Glyph glyph@mastodon.social

<a href="https://hachyderm.io/@dalias" class="u-url mention">@dalias</a> <a href="https://mastodon.social/@whitequark" class="u-url mention">@whitequark</a> <a href="https://orbital.horse/@emma" class="u-url mention">@emma</a> <a href="https://mastodon.social/@mcc" class="u-url mention">@mcc</a> But passwords are WAY worse than I think you're realizing, even with extremely good password manager hygiene (which is punishingly difficult to maintain)

Posted on 31st of Dec 2024

Glyph glyph@mastodon.social

<a href="https://hachyderm.io/@dalias" class="u-url mention">@dalias</a> <a href="https://mastodon.social/@whitequark" class="u-url mention">@whitequark</a> <a href="https://orbital.horse/@emma" class="u-url mention">@emma</a> <a href="https://mastodon.social/@mcc" class="u-url mention">@mcc</a> I can think of a couple of sites where I've been able to ditch SMS 1FA in favor of passkeys. it's slow going because the biggest problem with SMS 1FA is incompetent financial institutions, and that's a problem that the auth vendors can't solve.I should note that there ARE people for whom device instability is so bad that they really shouldn't be using passkeys ( c.f. <a href="https://glammr.us/@jessamyn/113743765591001673" target="_blank" rel="nofollow noopener" translate="no">https://glammr.us/@jessamyn/113743765591001673</a> ) and educating those folks is a big challenge. They're not perfect.

Posted on 31st of Dec 2024

Glyph glyph@mastodon.social

<a href="https://hachyderm.io/@dalias" class="u-url mention">@dalias</a> <a href="https://orbital.horse/@emma" class="u-url mention">@emma</a> <a href="https://mastodon.social/@glyph" class="u-url mention">@glyph</a> <a href="https://mastodon.social/@mcc" class="u-url mention">@mcc</a> yes this is how they work

Posted on 31st of Dec 2024

Catherine whitequark@mastodon.social