Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/glyph/statuses/113746709395702511">Glyph (glyph@mastodon.social)'s status on Tuesday, 31-Dec-2024 18:30:41 JST</a><a href="https://mastodon.social/@glyph" title="glyph@mastodon.social"><img src="https://gnusocial.jp/avatar/19724-48-20221108060713.webp" width="48" height="48" alt="Glyph" style="position: absolute; left: 0; top: 0;">Glyph</a><div><a href="https://gnusocial.jp/notice/8379337" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/40873" title="dalias@hachyderm.io">Rich Felker</a></li><li><a href="https://gnusocial.jp/user/105710" title="whitequark@mastodon.social">✧✦✶✷Catherine✷✶✦✧</a></li><li><a href="https://gnusocial.jp/user/150413" title="emma@orbital.horse">Emma Builds 🚀</a></li></ul></div></section><article><p><a href="https://hachyderm.io/@dalias">@dalias</a> <a href="https://mastodon.social/@whitequark">@whitequark</a> <a href="https://orbital.horse/@emma">@emma</a> <a href="https://mastodon.social/@mcc">@mcc</a> I can think of a couple of sites where I've been able to ditch SMS 1FA in favor of passkeys. it's slow going because the biggest problem with SMS 1FA is incompetent financial institutions, and that's a problem that the auth vendors can't solve.</p><p>I should note that there ARE people for whom device instability is so bad that they really shouldn't be using passkeys ( c.f. <a href="https://glammr.us/@jessamyn/113743765591001673" rel="nofollow">https://glammr.us/@jessamyn/113743765591001673</a> ) and educating those folks is a big challenge. They're not perfect.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4286579#notice-8379419">In conversation</a><time datetime="2024-12-31T18:30:41+09:00" title="Tuesday, 31-Dec-2024 18:30:41 JST">about a month ago</time> <span>from <span><a href="https://mastodon.social/@glyph/113746709395702511" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@glyph/113746709395702511">permalink</a><h4>Attachments</h4><ol><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://glammr.us/@jessamyn/113743765591001673">Jessamyn (@jessamyn@glammr.us)</a></h5><div> from <span>Jessamyn</span></div></header><div>@MrWeg@mastodon.world @rmondello@hachyderm.io I live in a world (rural VT) where people have a lot of device instability and I'm increasingly having to help them navigate *around* passkeys. They are so much more likely to lock themselves out of something they care about than they need that level of security. Like, I get it, insecure accounts are bad for everyone in the network/platform but there has to be a way to account for the fact that a lot of people are a lot worse with tech than devs think.</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Glyph (glyph@mastodon.social)'s status on Tuesday, 31-Dec-2024 18:30:41 JSTGlyph
in reply to
@dalias @whitequark @emma @mcc I can think of a couple of sites where I've been able to ditch SMS 1FA in favor of passkeys. it's slow going because the biggest problem with SMS 1FA is incompetent financial institutions, and that's a problem that the auth vendors can't solve.
I should note that there ARE people for whom device instability is so bad that they really shouldn't be using passkeys ( c.f. https://glammr.us/@jessamyn/113743765591001673 ) and educating those folks is a big challenge. They're not perfect.
In conversationabout a month ago from mastodon.socialpermalink
Attachments
1. No result found on File_thumbnail lookup.
  Jessamyn (@jessamyn@glammr.us)
  from Jessamyn
  @MrWeg@mastodon.world @rmondello@hachyderm.io I live in a world (rural VT) where people have a lot of device instability and I'm increasingly having to help them navigate *around* passkeys. They are so much more likely to lock themselves out of something they care about than they need that level of security. Like, I get it, insecure accounts are bad for everyone in the network/platform but there has to be a way to account for the fact that a lot of people are a lot worse with tech than devs think.

Public

Embed Notice

HTML Code

Corresponding Notice