There is so much arcane security bullshit that you need a lot of background knowledge and mental bandwidth to understand, conceptualize, and internalize.
We Security People have a lot of Prescriptions, all of which are varyingly difficult to follow.
"Use a password manager that supports SRP like 1Password or Bitwarden, with long unique random passwords for each site, and make sure you use 2FA, but not SMS 2FA, something good, like TOTP 2FA! Make sure you back up the security codes in an airgapped offline solution."
What? That's a bunch of bullshit that makes no sense!
Compare that advice to this:
Use this magic key. You need this and your password. Keep it safe!
Isn't that great? It's just like a normal key.
The problem is that these cost money, and a buncha sites don't support it, and most of those that do have SMS 2FA fallback, which kills the point.
I have nobody I can whine to about this.
I want everyone to have a 2FA key.
I want the ones I have to be useful.
Thank u for reading my posts.
devtesla wrote
2fa keys rule, you can unlock your password manager with them