That’s why stuff like webauthn is better; if we’re going to maintain a list of garbled text, let’s make it secure one-way encrypted keys instead, which are way stronger.
You’re still only as secure as your password manager, but no one’s gonna decrypt your private key from a stolen database of public keys unless some really monumental exploit is discovered - and if that happens we’ve got MUCH bigger problems.
That’s why stuff like webauthn is better; if we’re going to maintain a list of garbled text, let’s make it secure one-way encrypted keys instead, which are way stronger.
You’re still only as secure as your password manager, but no one’s gonna decrypt your private key from a stolen database of public keys unless some really monumental exploit is discovered - and if that happens we’ve got MUCH bigger problems.