Readit NewsThere are millions of non-technical people with jobs, where they are issued a company computer.
It's conceivable they might want to access the World Wide Web on it.
Assuming they own no other devices other than a mobile phone as you suggest, they still have at least two and probably don't want to sync anything from their personal phone to a company computer.
P.S. your comment was funnier before you added the part about the gucamole
The only difference between an imagined smooth solution is the sync mechanism and a unified client application ecosystem, neither of which is really possible without a large company behind it.
I said you don't understand how KeePass works because you refer to 3 applications for 3 different OSes (2 mobile) as if they were a confusing mix of different applications, when really they're just client implementations around a single, formalized spec. And most folks don't use both iOS and Android so really there's just your choice of KeePass desktop app and one for Android or iOS.
No one says the plethora of email client choices is confusing. This is exactly the same.
> No one says the plethora of email client choices is confusing. This is exactly the same
It's absolutely not the same. No one is manually syncing files across PCs and devices so they can retrieve mail on all of them. You have zeroed in on some irrelevant pedantry and continue to ignore the big picture.
So no one uses desktop or laptop computers anymore? Who made that decision for everyone, I wasn't consulted.
You don't understand KeePass, which is fine, but please don't make bad assumptions like these if you don't understand the underlying reasons for why a thing is the way it is.
It's like calling out why there are two dozen email clients that speak IMAP.
> You don't understand KeePass, which is fine
Haha this is so hilariously smug and condescending I have to wonder: are you the real-life Comic Book Guy?
I’ll also add. I don’t have a good mental model for what a passkey is or how it works. And again, like most users if I don’t really understand what’s going on I’m just not gonna bother with it. For all the complexity that it takes to implement secure login with a username and password, most of it is hidden from the user, with passkeys it feels like they’re shoving all the complexity front and center, but not explaining any of it.
For example, nearly every visit to my Amazon orders page I am now greeted with a nearly full screen modal browser popup letting me know about passkeys and why I should switch to them RIGHT NOW. I politely declined - the first thousand times. I don't know if this is a site or browser issue and frankly I don't care anymore. It's spam at this point and I want nothing to do with it.
My hesitancy was rooted in concerns about potential issues pretty much what you just described so glad to know I was right.
Seems like passkeys use a very simple model where you are using a single device with a single browser or are somehow syncing across devices with some cloud service - and from your description it sounds like that doesn't even work.
No thanks - I'll stick with passwords. Did everyone forget about hardware tokens which are device and OS-independent and rely on no external infrastructre?
Deleted Comment
There is no validation when you winget whether or not the executable is from the official source or that a third party contributor didn't tamper with how it's maintained.
HTTPS only guarantees the packets containing the unverified malicious code are not tampered with from the server to you. A server which could very well be compromised and alternate code put in its place.
You are drawing an egregious apples-to-oranges comparison here. Please re-read what you said.
You could serve digitally signed code over plain HTTP and it would be more secure than your example over HTTPS. Unfortunately there are a lot of HTTPS old wives' tales that many misinformed developers believe in.