I used to use it but have switched to using the first letter of each word in a phrase with some numbers and special characters thrown in. It’s not as much typing and I can still get 128 bits of entropy and I can just as easily memorize it.
No one can remove all risk but the security threshold between intercepting an initial connection and compromising a CA are vastly different. The latter would be much more difficult to pull off which is why we use them. Sounds like this EU rule is going to put a ceiling on that though.
I feel like that is also by design. If your account is compromised, you wouldn’t want them to be able to pull messages from your existing devices. It kinda defeats the purpose of them not being stored on the servers.
The tech sector just hit a major correction recently. Wall Street found companies like Google to be overvalued and as such their stocks suffered. This is Google trying to claw back some of that value. See step 3 in the enshittification process. This isn’t just Google. It’s the entire tech sector.
I used to use it but have switched to using the first letter of each word in a phrase with some numbers and special characters thrown in. It’s not as much typing and I can still get 128 bits of entropy and I can just as easily memorize it.