What lesson should we take from 15 years of admonishing users to "just use a password manager" but failing to get better than ~30-40% adoption, and patchy success even from "successful" adoption?
I'm not saying they never work, but taking more the harm-reduction approach that they're often enough frustrating or confusing to prevent usage (I might just be stupid, but @simonw and @anna_debenham are certifiably not 😁).
Moreover, that's just anecdotal - LastPass's own research, from 2019 - 15-20 years after the introduction of secure password managers - is that 23% of employees access password vaults on their mobile devices, which means that fully 77% *are not* using a password manager.
The 'security world' taking the problem seriously and designing something better. 😜
For sure - my complaint is that we wouldn't stand for the medical profession to say "abstinence is the only way to prevent unwanted childbirth"; I'm not saying no-one should use password managers. I'm trying to say that it's our (security folks) responsibility to build better.
My problem with this whole thread is that yes, of course we need something better than passwords, but also, yes, there is a lot of improvement being made right now. It's not like someone can make something that "solves passwords" and suddenly everyone will be using it.

Feb 12, 2021 · 3:06 PM UTC

Obviously not 100%, but frankly there *are* UX tweaks that could be applied to 95% of websites that would eliminate most passwords for the vast majority of users, right now.