Google Is Rolling Out Password-Killing Tech to All Accounts · 10:23pm May 3rd, 2023
On the one hand, yay! We've seen plenty of compromised Google (and Apple, and etc.) accounts of famous people on the news.
On the other hand, good lord, what if you lose your phone? Maybe it's time for a YubiKey.
or if you don't have a phone
Print the private key on a piece of paper and put it in a safe?
What if you lose your YubiKey?
But knowing these corporations it will probably end with some nasty shit with TPMs
As someone who doesn't have a mobile device and cannot afford the cost of owning one, let alone the initial purchase, this sure sounds 'fun'.
Every day I stray further from the Network's Light.
and one step closer to the complete destruction of anonymity on the internet.
Off grid is sounding more appealing by the second
I always Skipped the Phone thing
5726190
Well, it is recommended to have two of them set us the same. You have one on you and the second one in a safe location (like a safe) in case you lose the first one.
This is absolutely a fantastic feature for one of my parents - they don't know/refuse to use a password manager, and have trouble with chrome profiles.
Much better this than the same credentials used on every site.
As long as there's a way to regain the account if the phone gets broken/is unavailable then this is a very good thing.
As someone who is obsessive with their online security, this is a great feature as long as it is optional. (I have 400 accounts in a password manager, all with 24 letter/digit passwords that are randomly generated that I replace on a three month cycle in addition to 2FA on every account I can.)
5726498
A cat after my own heart! I'm doing essentially the same.
I also used diceware* to generate the 200 bit entropy encryption key to my password manager.
*with physical dice and paper