What’s the alternative? It would have to be something that wouldn’t work if the user was unconscious and that offered plausible deniability if they were awake and being coerced.
What, other than a password, offers that?
Relatedly, I don’t even know most of my passwords these days. I use a password manager (one that doesn’t require internet access) that generated random strings. I only ever see them if I accidentally paste them into the wrong field.
What’s the alternative? It would have to be something that wouldn’t work if the user was unconscious and that offered plausible deniability if they were awake and being coerced.
What, other than a password, offers that?
Relatedly, I don’t even know most of my passwords these days. I use a password manager (one that doesn’t require internet access) that generated random strings. I only ever see them if I accidentally paste them into the wrong field.
Certification.
Make once, prove everywhere.