"I resent the comparison between advocating a defensive design, and being opposed to literacy."
Perhaps you shouldn't - this is like Conway's law: systems tend to mimic the communication systems of their organizations.
When you design a system which encourages a certain philosophy, you create "positive" potential in that direction. By designing and promoting systems which reduce user control, you further the communication model of top down hierarchical control.
Why should I trust WebAuthn? What stops it from itself being hacked? People with password managers, no control over authentication, end up less, not more secure. The only way to increase security is modularization - if you don't want phishing attacks to occur, you should isolate the process. You should have more than one password, and you should absolutely not store them all in one place.
There have been several indications in this thread of how you can isolate the process; none of them require overly complex, Big Brother-esque solutions.