MFA can be a variety of different things. In the case of passkeys, a prompt comes up on the screen, you click it, and that’s it. It’s both secure and convenient. That’s why it’s great.

You use something else. Preferably TOTP.

User inconvenience is not at all the same thing as security.

I’ve used it with many sites not on that list. Including this one. It’s not comprehensive.

No, you do not need Microsoft/Google account.

No, you can store them in a password manager. That’s what I do. Doesn’t always work though. Sometimes my browser is prompted for the passkey instead, for reasons I don’t understand.

we figured it’s easier for people to just install docker themselves

It’s definitely not.

It’s really simple, and we even cover it in the Safebox install guide.

Your install guide shows installing Docker Desktop on MacOS in a GUI, which is a strange way to demo server software.

Installing a DE at all is going to lead to complications with sleep modes (ask me how I know), not to mention a bunch of resources and storage for something you’re never going to use.

The goal of your software is supposedly to simplify self-hosting but when you support all these other platforms you necessarily complicate things.

Most everyone will be using Debian anyway and there’s not really a good reason not to.

I’ve only ever seen passkeys used as 2FA, personally.

convenience is security (change-my-mind lol)

Not at all. Typically they’re opposites. But I understand what you’re trying to say. More convenience leads to better security.

There aren’t any. And likely won’t be any. Because Google doesn’t want there to be any. And they go to great lengths to break them on a regular basis. If only they could extend the same resources to their moderation…

there’s no deep system integration like Apple iCloud has

Not sure what you mean there. If you’re using an Apple computer, of course there isn’t, that’s the way Apple likes it and keeps it.

Most Linux distros/DEs support something very similar.

Photo backups with Immich.

File storage with OwnCloud.

Device syncing with SyncThing.

A blog with Ghost.

etc. etc.

I’m not really concerned about the security of it. Moreso the inconvenience of having to open my email client, specifically on the same device, and then sit there and click the refresh button over and over, waiting for it to come through, and then having to go back and delete it after so there’s not even more clutter in my inbox…

Somehow PieFed is able to make them work but simultaneously many large companies are shifting to “magic links” sent to your email. 😡

No companies required. Anyone can buy them. The neighborhood around the corner from me has them at the entrance.

That’s not how that works. The funds can be traced to a wallet, but not necessarily to any specific person. Why Silk Road was able to operate unabated for so long.

Report it

The only “bad thing” I can say is that sometimes it’s so easy that you actually don’t learn any thing.

I learned a lot. Definitely a whole lot less than if I had done it “from scratch”. But also, I never would have done that. I tried and failed several times.

What part of “I’m gonna get rid of my xbox” makes you think they’re keeping their Xbox?

Thanks for saving me a click