Hacker News

Npm can't force people to use a password manager


Nor does TOTP+password lock you to one authentication provider indefinitely. Tradeoffs :)


You can always register a new passkey with the site if you want to switch authentication providers, can’t you?


Yeah, I guess that'd work if I had a couple of accounts, but since there are a bunch of them, I really need proper import/export to feel comfortable with moving to it. I just know I'd punt the task of migrating everything if I have to go account-by-account to migrate away.

Considering that it'd add work for me today, and future work, with no additional security benefits compared to my current approach, it just doesn't seem worth it.


I've got passkeys from multiple "authentication providers" available on all of my devices. This isn't a tradeoff.


You can if you just force passwords longer than people can memorize or even want to write down (assigned 24+ characters)


It's just gonna be on a sticky note hanging on the screen or under the keyboard


Careless people just copy-paste those



