or just don’t use the same login information for everyone for a platform that way it doesn’t need to be publicly posted.
They probably wanted to save on licensing costs.
it’s always licensing costs.
don’t know how this is legal yet pirating software is illegal.
it’s not technically legal afaik… the license defines a user pretty rigorously
Command and conquer was da best. I mean I’ve started playing https://beyondallreason.info/ which is a free open source RTS.
But damn the cutscenes were so cool.
Maybe if licensing costs weren’t ridiculous I wouldn’t mind.
$15/m/user is ridiculous. Charge me like $100 a year for the license and then like $1/m/user on top. It literally doesn’t matter much how many users there are for many programs, no extra resources for the company. And if it does use resources it’s usually not $15/m worth.
Then Jami and Signal are free
Darmok and Chipotle at the mall.
https://jami.net/
https://signal.org/
It’s the 21c, passwords shouldn’t exist.
What’s the alternative? It would have to be something that wouldn’t work if the user was unconscious and that offered plausible deniability if they were awake and being coerced.
What, other than a password, offers that?
Relatedly, I don’t even know most of my passwords these days. I use a password manager (one that doesn’t require internet access) that generated random strings. I only ever see them if I accidentally paste them into the wrong field.
Certification.
Make once, prove everywhere.
The real problem is there’s not really a better solution that works well for private accounts owned by individuals who only have a single device.
They say that authentication is using either something you know, something you have or something you are, but in the real world it ends up being something you’ve forgotten, something you’ve lost and something that you were at one time but are no longer
We have passkeys now. They’re very effective
Passkeys rely heavily on at least one device remaining authenticated. You have to remember, the average user of a given web service does not have an ISP, they literally only have their phone and maaaaybe a decade old laptop that they haven’t turned on or charged since ordering plane tickets pre-pandemic. It is critical that any solution replacing passwords has to work for this average user who literally only has their current phone and trades in their phone every 1-4 years for another one, therefore they do not have a second authenticated device to verify when they get a new phone or their phone breaks and they buy a new one at the carrier store.
I’m happy to be proven wrong, but from my understanding of how passkeys are implemented, they will either lead to account lockout or rely on less secure authentication methods if the only authenticated device becomes inaccessible/inoperable