These moves require a lot of consideration for who gets disenfranchised on the low end of things.
Anyone without a second device, especially a smartphone with a paid-up SIM card and talk/text/data line, they're going to have trouble receiving SMS MFA codes. There are a lot of homeless people in the library who need to get online for a lot of important reasons (and some unimportant ones too) and I fear that many will find themselves locked out by these optimistic, overly helpful "passwordless" defaults that set up passkeys and other things that can only be leveraged by relatively rich people, with completely rock-solid Internet access, as well as an SMS line and multiple devices.
I often muse at home how I would bootstrap from the loss of all my devices, or something similarly catastrophic. What are those key credentials to know and protect; how do I get into them; what sort of tangle has been created by squirreling stuff away into password managers and cloud storage?
It's always important to think about that. People often have federal assistance to apply for, housing assistance, Social Security, and taxes to pay, and often they have an Obamaphone with unreliable service, a nearly-dead battery, and a cracked screen. It is very important to consider people on the low-end here, even as cybersecurity is ramped-up.
Anyone without a second device, especially a smartphone with a paid-up SIM card and talk/text/data line, they're going to have trouble receiving SMS MFA codes. There are a lot of homeless people in the library who need to get online for a lot of important reasons (and some unimportant ones too) and I fear that many will find themselves locked out by these optimistic, overly helpful "passwordless" defaults that set up passkeys and other things that can only be leveraged by relatively rich people, with completely rock-solid Internet access, as well as an SMS line and multiple devices.
I often muse at home how I would bootstrap from the loss of all my devices, or something similarly catastrophic. What are those key credentials to know and protect; how do I get into them; what sort of tangle has been created by squirreling stuff away into password managers and cloud storage?
It's always important to think about that. People often have federal assistance to apply for, housing assistance, Social Security, and taxes to pay, and often they have an Obamaphone with unreliable service, a nearly-dead battery, and a cracked screen. It is very important to consider people on the low-end here, even as cybersecurity is ramped-up.