TOTP standard made sense, but mainstream implementation was user-hostile at the start with stuff like Google Authenticator not letting you copy keys, then afterwards still making it unclear under what circumstances they're backed up. Nowadays it's user-unfriendly at best.
I like how we went full-circle to Passkeys which are basically a "remember me FOREVER" button, implemented kinda like SSH keys. Should call it that too, and also ditch the like 4 prompts it gives you first.
>"remember me FOREVER" button, implemented kinda like SSH keys.
Here's a better idea: just use openssh or at least openssh's key formats since none of the big companies can manage anything better.
That would've been nice, cause instead Passkeys are kinda locked into whatever walled garden you chose.
At that scale, the amount of support getting a city of people to understand that is overwhelming.