It's an important metric when designing security solutions to make them fit for human capabilities.
Replacing every authentication challenge from a password to a 512-bit key might sound good on paper for security, but in practice it would just make people rely on physical security keys and backups, which can get lost or stolen.
A password has the benefit that it is something you know, not something you have.
If we could use random keys as passwords, that would be the best of both worlds imo.
The more inconvenient a setup is, the easier it is to make mistakes. Most cyber criminals have very good opsec, but their impractical setups cause them to make mistakes 1 time when they are in a rush and that is usually enough to get them.