top | item 43849959

(no title)

mubou | 10 months ago

Holy shit, this could actually cause people to get permanently locked out of their accounts, depending on how the website is configured. Imagine not knowing your login credentials are stored in Place A and then you delete Place A, unwittingly deleting your only login along with it.

This is already a worrisome possibility with security keys -- if you have Windows Hello enabled, the dialog you get when adding a security key to an account might sometimes be to add it to your TPM, but it's not clear that's what Windows is asking so you might put your creds on your CPU while thinking that they're going on the Yubikey; imagine what happens then when you upgrade your computer?

Users need to know where their logins are stored. Making these things "transparent to the user" in the name of ease of use (treating users like toddlers) is the wrong approach. I realize the average user doesn't understand the technical side here, but that just means we need to do better as devs and designers, not throw in the towel and make decisions for the user.

discuss

hulitu|10 months ago

You are against progress. /s Google gonna make all of your nightmares come true Google gonna put all of her fears into you Google gonna keep you right here under her wing ...