#ShowerThought the very existence of password managers seems like a sign that we're doing computer security wrong.
@strypey
From the basics - computer security has three factors - "Something you know", "Something you have", "Something you are". There is nothing more. Passwords are the "know", while certificates or keys are "have", biometrics is "are". 2FA means using two factors together. If you think about it, password manager is actually already 2FA, because you need to "know" the master password, and "have" the password database file. So it's actually a step up.
@strypey
Hmm, I actually learned that at uni. Maybe sources like Khan Academy could have more of that ground work. But mind you, good passwords are about the best thing we have. Each factor has its downsides (such as you can never change your biometrics if they get compromised) and passwords became so popular because the downsides are smallest. Every bit of convenience sacrifices a bit of security.
@chebra thanks, this a very clear, concise summary. Can you recommend a good link for a first principles discussion that lays out things like those 3 basic factors?