That said, my data has been breached at least 4 times because despite my efforts to protect my privacy as far as possible, 4 different companies failed to keep data collected from me safe. In each case, I got a letter informing me of the breach (usually quite belatedly) and offering no compensation other than a security service that merely notifies me when it finds my private data online. Since I already know it's on the dark web and there's nothing I can do to put the horse back in the barn, this notice is completely worthless.
We need laws prohibiting the collection of excessive amounts of data about individuals and imposing severe financial penalties on cos. that fail to keep our data safe.
On another, related front: it seems to me that the continual push among companies to require that we share more and more data about ourselves and to rely on cloud-based cos. for storage, especially for things like passkeys, under the pretense that any of this will somehow make us more secure, seems to me benighted at best and probably more accurately knowlingly fraudulent.
First, every online co. I've interacted with has urgently sought my cell number. But my cell phone is the least secure device in my system, easily surveilled by governments or anyone else with a bit of cheap equipent and much more likely than a desktop or laptop to be stolen or lost. If I have access to snail mail, a land line, my desktop computer, or a laptop, it seems to me that it would be much better to use one of those and leave my cell phone out of it.
Second, any so-called security protocol that requires you to upload additional info to a company or server that you don't control simply exposes that additional info to more hackers. It doesn't matter whether it's a record of your password, your cell number, your social security number, your driver's license, your mother's maiden name, your first pet's name, your fingerprint, your iris print, your face, your body oder, or all of the above; the company collecting that data has to keep a record of it in order to (pretend to) use it to authenticate you, and that record can be hacked. And the more personal data you upload and the more sites you upload it to, the greater the likelihood that one or more such sites will be hacked, and thus the more vulnerable you are.
In contrast, a unique, strong password kept offline by you for each of your accounts is for all practical purposes unhackable.
= new reply since forum marked as read