The original post: /r/privacy by /u/datalot on 2025-01-22 03:26:09.
Axioms:
- Google owns 0 of my total passwords, but everything can Sign in with my Google account. Perhaps, everything is as secure as my Google account password.
- My Firefox account holds ALL of my passwords, which ensures Linux - Samsung syncing.
- Samsung Pass is as strong as my biometrics/PIN, and it’s the safest place to forgive passwords in a Samsung device, but it is not compatible with Firefox.
Now, I have the option to wipe out my Firefox usage and go ahead with Passkeys on Samsung, but I would need my phone if I want to sign in on any website on my desktop. This is a terrible idea. If I lose my phone, I lose everything until I recover access to my phone number.
On the other hand, it feels that this 2FA thing is missing the point that if someone steals my phone, then they will have my SIM card (unless I use eSIM), or things like Google Authenticator still depend on the Google Password, so if an app that signs in with a Google Account asks for the code, it is like asking for the Google Password two times. It’s nonsense.
How do you deal with this passwordscalypse? Don’t you feel we are going in the wrong direction and we’re simply adding complexity to the already insecure human nature?