With a breach of this size, I think we’re officially at the point where the data about enough people is out there and knowledge based questions for security should be considered unsafe. We need to come up with different authentication methods.
You get a private key! And you get a private key! And you get a private key!
Tying a password to a browser or device isn’t going to make it any easier. Use a password manager and set unique string passwords for everything. If the app supports it, use FIDO physical keys instead of Passkeys
Even better would be to use certificates instead of passwords. What if every website gave you a certificate signed by them, and you store that in your password manager automatically.
Maybe that’s what passkeys are… Haven’t read up on them at all.
… passkeys basically do all this without you having to know how. Your device /is/ the physical key and /you/ are the secondary auth. It honestly doesn’t get any easier for the user.
Pirate keys for sure. Not using one is just asking for a stranger to grab your booty.
We have different authentication methods. The hard bit is persuading people to use them.