
At which point will we need to move to strictly external hardware authentication? I think that even with password managers, it can only go so far. At some point we will be synchronizing password files with dozens of MBs, and one day you will want to log in to something and won't have access to your passwords. There has to be a way of building transparent AND strong authentication.



The main problem with this would be non-standardisation. For example, I have 4 bank accounts at 4 different banks and each has a different piece of hardware for 2FA. Imagine if you needed an individual key fob for every single online account you have.

I'd love to be in a world where I click the website login button, I then type a simple PIN into a key fob, then I plug the fob into a USB port, and it authenticates me. No password other than the PIN. I'd also love it to just be a 'thing', not a way to just hack filling in a password field on a form.


Hopefully never, because hardware will always remain something you can physically lose.

For certain people (myself included) that's a much bigger risk factor than getting your password manager db compromised.

If I lose my keychain authenticator or what have you, I don't want to be stuck not being able to use any of my websites until a new one arrives.


My bank already has this (a little card reader that checks my debit card PIN). Seems reasonable to assume this kind of tech could be used more widely.



