Yes, Tanner did mention those. I suppose it would be interesting to explore whether Mozilla would be willing and able to supply the community with them as needed.
Though a point missed by my critic is that we’re talking about normal people who do lose things. Hard drives die or are wiped; machines get replaced without everything being migrated over.
My personal opinion is that regular end users shouldn’t have to carry an undue burden. For example, my grandfather’s memory is starting to go. He’ll forget his password and reset it to get into his accounts. However, Google doesn’t let you use the same password as it used to be, so he can’t set it back to the password he remembers. For a little while he was stuck resetting it regularly because he would fix it on his phone, then forget it by the time he had to re-enter it on his desktop, so he’d reset it again and then forget it by the time his phone asked for it again. But each time he’d have to change it to something totally new, and the chances of him forgetting it increased. It was basically a form of DoS, and the solution ended up being to get him to write it down and tell it to other people. It was less secure than letting him reuse a password.
The physical keys sound interesting for someone like him; he isn’t prone to losing his keys, but they could be a disaster for many people with ADHD. I suppose it depends on the recovery options.
I think it is fair to expect someone who is managing a technical resource to be able to manage the extra steps, and I appreciate that access to certain information justifies any extra burden while there are not better options. But by nature any security measure is a barrier to participation and I don’t believe it is Mozilla’s way to use them just because they exist. The risk needs to be weighed against the cost to participation.
So the first thing I’d want to understand is what are the risks of a regional community member’s inbox only being secured with a password?