Comment by diggan
19 days ago
If you're saying something is less secure because the users might suffer from "severe exhaustion", then I know that there aren't any proper arguments for migrating to it. Thanks for confirming I can continue using OTP without feeling like I might be missing something :)
Passkeys genuinely do protect against severe exhaustion attacks.
Yeah, but they genuinely also prevent you from moving away from companies in the process of enshittification, since the whole export/import thing seemingly hasn't been figured out or even less been deployed yet.
Besides, if you ignore security alarm-bells going off when exhausted, I'm not sure what solution can 100% protect you.
> If you're saying something is less secure because the users might suffer from "severe exhaustion"
Something "$5 wrench"
https://xkcd.com/538/