Ricky MondelloAug 4, 2025

It is a career goal of mine to get most of the technology industry to reconsider this strongly-held opinion. (This reply was in jest, but it’s genuinely how using technology feels these days.)

Instead of pledging allegiance to multi-{step,factor} authentication, new threat modeling should be done as we start to phase out passwords for people for people with device stability. If the first “step” isn’t fundamentally broken anymore, how many more do we need? (Some organizations and business will in fact need more.)
https://keyboards.social/@instantiatethis/114971772115292878

instantiatethis (@[email protected])

@[email protected] but more steps is more secure, everyone knows that Ricky!

Keyboards.Social
Show threadjelte
@rmondello There's people with device stability? This makes me realize I've been spending quite some time and effort making sure every single of my Fs can break without me being locked out of everything.
Aug 4, 2025 at 6:54pmWeb
Show threadWillAug 4, 2025

@jelte @rmondello There are not people with device stability. Phones get stolen, dropped, lost, break; laptops much the same; SSDs fail unreadable; even the server in your basement is subject to flooding, fires, power surges.

The problem with a lot of passkey discourse is that it doesn't have a good answer to what happens when (not if) someone loses device continuity. It doesn't matter how convenient and secure it is if a bad day hardware-wise can lock you out of your entire online existence.