Refresh…Refresh…Refresh…
Send new link…
Message arrives…
‘This link is no longer valid’
Comment on Passkeys Explained: The End of Passwords
artyom@piefed.social 4 months agoI’m not really concerned about the security of it. Moreso the inconvenience of having to open my email client, specifically on the same device, and then sit there and click the refresh button over and over, waiting for it to come through, and then having to go back and delete it after so there’s not even more clutter in my inbox…
filcuk@lemmy.zip 4 months ago
Septimaeus@infosec.pub 4 months ago
Honestly, convenience is security (change-my-mind lol) insofar as it measurably impacts rate of user adoption/adherence and thus outcomes.
It’s the annoyance you describe that leads most users to forego opt-in 2FA until it’s forced on them, for example.
Device-based PassKeys are the only near-universal mass-adoptable solution to that problem of convenience that I’ve heard proposed so far, although implementation has lagged until very recently.
artyom@piefed.social 4 months ago
Not at all. Typically they’re opposites. But I understand what you’re trying to say. More convenience leads to better security.
Passerby6497@lemmy.world 4 months ago
If it’s more convenient to be insecure than secure, users will pick insecure every time. There’s a reason there are so many bad password in the top passwords in breach dumps.
I have to tell myself every time I go through some of my login flows that inconvenience to me means more so to an attacker, but most people don’t have an adversarial mindset and just want it to work.
artyom@piefed.social 4 months ago
User inconvenience is not at all the same thing as security.
Septimaeus@infosec.pub 4 months ago
Yeah you get it. I just have a bone to pick with colleagues that embrace anti-user methods needlessly. Convenience = security is a “slow = fast” type of spiel.
sem@lemmy.blahaj.zone 4 months ago
Don’t forget the intermediary
Slow is smooth, and smooth is fast.