Comment by Spivak
21 hours ago
This is such a lazy take and ignores that this is the only system that has the property of not losing data when users forget their passwords and lose (or likely never write down) their recovery key.
That's it. That's the whole thing. Whatever "secure system" you build will not have this property and users will lose their data, be mad at you, and eventually you'll have to turn it off by default, leaving everyone's data in plaintext. It's a compromise that improves security for people who previously left their disk unencrypted. It changes nothing for people who previously did their own key management.
You won't be able to turn the first group into the second group. That's HN's "Average Familiarity" fallacy. The fact that basically every 2FA system has a means of recovering your account by removing it should tell you that even technical people are shit at key management.
Yep... I've seen exactly this happen. People losing data/access through their own fault and yet being extremely mad at the OS developer or the company they have an account with. And, no, it does not matter if you tell them 100 times that they are responsible for not losing their own keys/passwords, they will still be furious that you set up your system in (from their perspective) such a shitty way that it's even possible for a permanent lockout to happen.