
> Remember when the internet of military contractors got exfiltrated because the CI/CD pipeline of a firewall vendor got breached? Guess what their password was: solarwinds123

So I get to be punished because of incompetent military contractors?



You seem to not even read my argument.

Opsec is about reducing risk from one potential breach to not affect other parts of your life.

Assuming you never made a mistake in your online life is a foolish assumption.


I read it. My point isn't that this is bad. My point is that it's a solution that imposes a large enough burden on at least some people that it's not automatically an unambiguous win. For me, it represents a large enough burden that if it were forced on me, I'd just stop using the web sites doing so.

Which, you have to admit, is the most secure option. All security measures represent a tradeoff, and sometimes that tradeoff is not worth it.


> My point is that it's a solution that imposes a large enough burden on at least some people that it's not automatically an unambiguous win.

That to me is the problem with Passkeys. They are not an unambiguous win.



