@jessamyn @nelson I keep thinking it might be great for us to make an implementer’s guide for passkeys for folks who want their products to be more inclusive of those with limited connectivity or devices
Conversation
Notices
-
Embed this notice
Anil Dash (anildash@me.dm)'s status on Sunday, 24-Mar-2024 11:55:49 JST 
Anil Dash
-
Embed this notice
Jessamyn (jessamyn@glammr.us)'s status on Sunday, 24-Mar-2024 11:55:50 JST 
Jessamyn
@nelson @jessamyn I totally understand the security implications of these peoples' choices in these situations, but I also think it's the result of websites that want to offer a service that everybody uses but also don't want to offer any human support for those services. I think there're probably ways to solve this problem at least somewhat but it can't just be adding more layers of security unless you want to be honest that you're OK locking out 10% of everybody
-
Embed this notice
Jessamyn (jessamyn@glammr.us)'s status on Sunday, 24-Mar-2024 11:55:51 JST
Jessamyn
@nelson @jessamyn The most heartbreaking part is that at least some websites have some fraud detection algorithms that can go off if somebody is trying to reset their password from an unfamiliar IP address. And many times these people have only ever checked their email from home but now they're trying to get help at the library and they get locked out of their own accounts.
-
Embed this notice
Jessamyn (jessamyn@glammr.us)'s status on Sunday, 24-Mar-2024 11:55:52 JST
Jessamyn
@nelson @jessamyn They usually have passwords that fit the requirements and write them down in books. Some of them don't have mobile devices and so they'd have to get a phone call at a landline or get a message to their email which maybe they can't check if they're not at home. Which makes getting tech-support at the library fairly difficult. A lot of these people only use two factor authentication where it's absolutely necessary.
-
Embed this notice
All GNU social JP content and data are available under the