Fiery

joined 1 year ago
[–] Fiery@lemmy.dbzer0.com 6 points 1 day ago

To be fair basically all services allow resetting passwords via email so even without the magic email link they'd be fucked anyways if their email got hacked.

[–] Fiery@lemmy.dbzer0.com 1 points 3 days ago* (last edited 3 days ago) (1 children)

A full hack of every part of the service is not the only way a user's password could get known to an attacker. Could be MiTM, could be typo-squatted, etc.

If a site is that compromised no measure of auth is gonna help, so little use worrying about it.

[–] Fiery@lemmy.dbzer0.com 8 points 3 days ago (1 children)

That makes it a single point of failure, yes, and the rest of the comment you're replying to goes into detail on what it does protect from even if both passwd and TOTP are in the password manager.

[–] Fiery@lemmy.dbzer0.com 1 points 3 days ago

Depending on the security needs, using hardware-based security as a second factor while still requiring some other form of auth is not actually a bad idea.

[–] Fiery@lemmy.dbzer0.com 17 points 3 days ago (7 children)

It's not actually reduced to one factor, just a single point of failure. If their password manager gets taken it's a problem; however, the generated TOTP is worthless in 1 min. So this will protect the login from cases where the password is known, like a compromised website or a reused password.

[–] Fiery@lemmy.dbzer0.com 1 points 1 week ago* (last edited 1 week ago) (2 children)

Edit: I stand somewhat corrected, according to what I can find after diving into the slsk rabbit hole a bit, it basically is like torrenting, except each "request" only goes to a single client instead of the swarm, so while the below comment still applies to the speed of making a connection, the downloader won't have gotten it from somewhere else as they'll have been waiting for you.

It is required to initiate a connection from the downloading side though. If your port is closed the only way a connection can be established is by periodic polling by your client... And unless the content you have is really niche, by the time you reach out the downloader probably will have gotten it from someone that was available.

[–] Fiery@lemmy.dbzer0.com 2 points 1 week ago

What in the Markov is this comment

[–] Fiery@lemmy.dbzer0.com 3 points 1 week ago (1 children)

Zen browser does exactly this with workspaces which each have their tabs, with the option to pin some of those and/or put them in folders. So if you wanna get away from Chromium it should not be too much of a change (not to mention the many things Zen does great over base Firefox).

[–] Fiery@lemmy.dbzer0.com 3 points 1 week ago (2 children)

The EU actually was working on a system described above based on some sort of zero knowledge proof (so verification via your gov't ID, but without the verifying party being able to assert anything other than age > 18 or whatever data you want to verify).

[–] Fiery@lemmy.dbzer0.com 7 points 1 week ago (2 children)

Hey it's fine if you have a docking station which totally defeats the purpose of a laptop.

[–] Fiery@lemmy.dbzer0.com 3 points 1 week ago (1 children)

Just about every gadget on Kickstarter these days has the option to add tritium vials. "Find your tool anywhere any time" kinda thing.

[–] Fiery@lemmy.dbzer0.com 1 points 2 weeks ago

Unless you are talking about a future where the surveillance state has outlawed basic privacy, your statement is just straight false. Sure, they are getting there with backdoors in encryption etc., but we're not quite there yet.
