
How do password managers make password rotation any worse? If anything, they at least keep a record of which sites need password rotation.


We used to have OpenID in the past; now that password managers exist, efforts to fix the problem at the root have been stalled.

In fact, Android now implements an OS-level API for password managers, but there is no way to easily authenticate through a third-party app.

Password managers are "good enough" that few people care about better solutions anymore.

Personally, I'd prefer to see client-side certificates, or OIDC login everywhere, with short-lived session tokens, and proper U2F 2FA.



