@timcappalli I think it’s even worse than this! Your do a great job explaining why it’s problematic for users who -don’t- know what’s happening (and also the increased risk of loss for everyone)
But there are second order affects on -security-. A user who -knows- their passkey is encrypting their data must now keep that key much longer than they would otherwise need to. Auth keys should be safe for frequent rotation and replacement, which means keeping their scope tight.
for a year