I actually think passwords are ...troublesome. Mainly because of two reasons: phishing and password re-use. Sure, password managers avoid that, but it has its own risk too IMHO since it basically holds all your passwords in clear-text. If malware creeps in the device, I fear the "comfort" of the password manager will be your doom.
Somehow, the webauthn protocol is similar in idea. It's like your device bound password manager... But 1. it's protected by biometrics/PIN to "use" it each time and 2. you can never access the private keys themeselves, only sign payloads with it. It's simply more secure.
If I understand you right, your biggest gripe is syncing/transferability. While I also wonder if centralized/decentralized is an issue for you. Out of curiosity, what would you think about a solution like that: dev.to/dagnelies/registerlogin-wit... ?
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I actually think passwords are ...troublesome. Mainly because of two reasons: phishing and password re-use. Sure, password managers avoid that, but it has its own risk too IMHO since it basically holds all your passwords in clear-text. If malware creeps in the device, I fear the "comfort" of the password manager will be your doom.
Somehow, the webauthn protocol is similar in idea. It's like your device bound password manager... But 1. it's protected by biometrics/PIN to "use" it each time and 2. you can never access the private keys themeselves, only sign payloads with it. It's simply more secure.
If I understand you right, your biggest gripe is syncing/transferability. While I also wonder if centralized/decentralized is an issue for you. Out of curiosity, what would you think about a solution like that: dev.to/dagnelies/registerlogin-wit... ?