Tell them the NIST recommendations for password frequency changes have been really reduced in recent times because it pushes people into other bad password practices. Among all factors, changing the password frequently is the least important.
But I also worry about new areas of weakness with passkeys - anyone accessing the device with the passkey on it, or hacked that device, gets access automatically to the accounts. Also if logins are too fluid I worry that anything out of the ordinary during sign ins won’t be noticed.
I’ve used librewolf and it seems good but I’m not a browser expert.
Aye good to know some instances block VPNs , didn’t know that. As a user from China who has to use a VPN always that would be problematic. Guys I got lucky with my instance.
I wonder how they get GPS info through a call, hmm.
I guess I mean if people are too used to critical services opening up without any friction, a pause to complete some sign in step, they’ll stop taking a moment to look for any warning signs, so they might miss the fact that they’re at a spoofed url, for example. Yes you’re right that the passkey wouldn’t be working at this fake site, but it could still take them out and harvest some data, interactions or credentials.