I’m sure it’s a classic because people tend to latch on to any opportunity to start waffling after reading just the title. Ironically, you start your comment telling me I didn’t read yours and you end it with admitting that I address exactly that which you go on about. So which is it?
What bothers me most is that your solution is not realistic, you’re just proselytizing out of idealism but who is it really aimed at? Who’s going to self host a password manager? Uncle Jim and aunt Betty? You know what the average person is capable of? Writing down their passwords on a piece of paper, usually 4 separate ones with different versions for every time they’ve lost it. At best, they allow a key manager on their device to save a password when they enter it, and if the stars align and all their devices use the same OS and they authenticate, then maybe there is even some synchronization involved. That’s a lot of ands and maybes, but you suggest to ignore that and instead use a solution where they not only understand all those steps but also set it up for themselves.
The masses are not going to wake up one day with the know how to do these things, it’s not even going to happen gradually. I don’t even want to do it, and I was born with a computer and run servers for a living. What is going to happen is that solutions that are easy enough to use will become safe enough in order to minimize the risks. Anything else is a pipe dream.
I’m sure it’s a classic because people tend to latch on to any opportunity to start waffling after reading just the title. Ironically, you start your comment telling me I didn’t read yours and you end it with admitting that I address exactly that which you go on about. So which is it?
What bothers me most is that your solution is not realistic, you’re just proselytizing out of idealism but who is it really aimed at? Who’s going to self host a password manager? Uncle Jim and aunt Betty? You know what the average person is capable of? Writing down their passwords on a piece of paper, usually 4 separate ones with different versions for every time they’ve lost it. At best, they allow a key manager on their device to save a password when they enter it, and if the stars align and all their devices use the same OS and they authenticate, then maybe there is even some synchronization involved. That’s a lot of ands and maybes, but you suggest to ignore that and instead use a solution where they not only understand all those steps but also set it up for themselves.
The masses are not going to wake up one day with the know how to do these things, it’s not even going to happen gradually. I don’t even want to do it, and I was born with a computer and run servers for a living. What is going to happen is that solutions that are easy enough to use will become safe enough in order to minimize the risks. Anything else is a pipe dream.