Sometimes I wonder how bright nana or papa really is as a result.
If you won't dig into even an iPhone's settings to learn what's available, what it can do, good luck to you. That curiosity and willingness to play around, accompanied with Google searches when they don't know what something does, is critical in making it in the world today. Or if you remain a rube, and they will, you'll get scammed someday because you're not on the top of your game mentally. Just lazying it up.
I've come to two solutions. Either Bitwarden or KeePass with only a mobile client to begin with. If they are managing that, then I graduate them to clients on multiple systems and the integration advantages that brings.
I'm a KeePass Windows and Strongbox Pro user on iOS myself. Prefer to keep that database where I want it. Bitwarden is probably the ticket for most people though. If you start them on mobile only, it helps a lot.
Nana and Papa still deserve to have a front door to their house that can't be lockpicked.
Normal people, who have other interests in life than configuring technology, should have secure devices and data from criminals. And they shouldn't have to configure 5 different obscure password managers to do so.
Society shouldn't allow criminals to take advantage of Nana and Papa.
This is one of the most embarrassing comments I've read on Hackernews.
Expecting people to give the minimum of a damn is embarrassing to point out? It's true either way. Sometimes a certain level of complexity can't be abstracted over. This is no longer a fun toy in life. You may have your bank account credentials stolen if you don't wake up and pay attention to what you're looking at.
To avoid being lockpicked you only need two-factor. It's that simple. You need some form of password manager, even if it's paper and pencil, until a megacorp handles it all for you. That'll require a universal standard to be adopted, which won't be here soon.
The rest of your assertions are assuming a premise that I never stated. Feigning offense on the internet has really gone over the top. Of course people should have secure devices.
I expect people to do their best, within their capabilities.
Nana and Papa are not technologically literate enough to perform the kinds of configurations you suggest. In depth custom password manager configuration isn't for them.
They are not at fault for that.
We simply cannot expect all of humanity to be that technologically literate. There are many, many roles in life that don't involve electronic devices that are immensely valuable.
I think that's what I'm deeply offended by. It's not feigned.
But I apologize I don't mean to imply you are talking in bad faith. That's out of line.
My view is.
Engineers cannot expect untrained, ordinary, people in the real world to operate and install complex software.
We have a responsibility to provide them with secure devices they can use.
Privacy and security from bad actors is a moral right.
My view is best stated that I think people are more capable than they think they are. And I'm unsure people even attempt a try at most things. Maybe that's a negative view but I feel that's what I've observed.
I don't worry too much because most of the most important entities, such as say Social Security in the US forces 2FA on users. I just signed up on that site the other day, and they simply force you to do everything securely, or you don't get in. I found the process lengthy, but appropriate and well-done. That's a great example of how to secure something important without waiting on industry to solve everything.
I agree password management is one of the most difficult parts of the average person's digital experience. Until it's solved through a universal pact by Google/Microsoft/Apple, the built-in password manager on iOS is pretty decent for those types of users. Passkey is a good step in popularizing a solution.
My issue is that I've seen people attempt to do these things. And fail miserably.
One project I've worked on, something like 5-10 out of every 200 people successfully misspelt their own name in text forms.
Non-professionals create human error. The more details the non-professional has to configure, the higher the percentage of human errors across your userbase.
The issue is, in device security, human error is not acceptable.
If you won't dig into even an iPhone's settings to learn what's available, what it can do, good luck to you. That curiosity and willingness to play around, accompanied with Google searches when they don't know what something does, is critical in making it in the world today. Or if you remain a rube, and they will, you'll get scammed someday because you're not on the top of your game mentally. Just lazying it up.
I've come to two solutions. Either Bitwarden or KeePass with only a mobile client to begin with. If they are managing that, then I graduate them to clients on multiple systems and the integration advantages that brings.
I'm a KeePass Windows and Strongbox Pro user on iOS myself. Prefer to keep that database where I want it. Bitwarden is probably the ticket for most people though. If you start them on mobile only, it helps a lot.