The Nirvana Fallacy

Something that frustrates me.

I'll explain the Nirvana Fallacy -- rejecting helpful tools because they aren’t perfect -- and show how that thinking can make you less safe.
[Image: The Scale of Risk. A balance scale. On one side, a giant pile of "Real Risks" (represented by skulls or viruses). On the other side, a tiny, microscopic "What If?" pebble. The person in the image is obsessing over the pebble, examining it closely with a magnifying glass, while the giant pile looms over them. (Image: Gemini)]

No, we’re not talking about the band or the Buddhist philosophy of Nirvana.

The Nirvana Fallacy is something I see all the time that leads people to make ill-informed and even dangerous decisions, particularly when it comes to tech. It’s the faulty reasoning that if a solution isn’t perfect, it must not be worth using.

TL;DR:

The search for perfection

Stop thinking that if tech isn’t perfect, it’s useless. That is the Nirvana Fallacy. When you constantly ask “but what about…?” just to find fault, you end up making bad choices. Don’t put yourself at risk by waiting for perfection. Be realistic and use the tools that keep you safe.

If it’s not perfect…

The fallacy is most simply defined as this attitude:

If it’s not perfect, it’s crap.

I see this often. In my world, it usually manifests in questions that begin, “But what about…?”

Sometimes it’s someone asking a legitimate question to learn more about some topic. That’s not what I’m talking about.

The “what about” questions I’m referring to are ways to complain, find fault, show superior knowledge, or avoid something.

  • “But what about an online password manager company’s servers being compromised?”
  • “But what about Microsoft/Google/Apple using their cloud services for AI training?”
  • “But what about when you lose your second authentication factor or the device holding your passkey?”
  • “But what about SMS text messages being compromised?”

You get the idea.

Nothing is perfect

There’s no such thing as perfection. There’s always something to poke at. Nirvana, at least in this realm, doesn’t exist.

Most often, questions like those indicate that the person doesn’t have a good understanding of the bigger picture and the larger risks.

Every but-what-about either has an explanation or just isn’t the horribly serious issue that the “whatabout-er” thinks it is.

Let’s revisit my list.

  • To the best of my knowledge, no password manager has ever been so compromised as to expose the contents of its users’ vaults. (And yes, I’m well aware of LastPass’s issues.) Password managers, including those that synchronize via the cloud, remain the safest approach to managing passwords.
  • To the best of my knowledge, Microsoft/Google/Apple aren’t training AI on your uploaded documents. (I would love to see incontrovertible proof indicating they did, though.) You can use the cloud safely.
  • There are several approaches to recovering and securing your account if you lose your second factor or passkey.
  • It’s extremely rare that someone will attempt to compromise your text messages. SMS is still better than nothing.

I’m not saying those aren’t real risks and/or annoyances.

What I’m saying is that in most cases, the risks aren’t as serious as they’re made out to be, and the annoyances aren’t as horrible as some would feel. In either case, they shouldn’t get in the way of making a fully informed decision.

And that’s what I see happening.

“But what about” leads to bad decisions

This isn’t so much a vent (though, I’ll admit, it feels a tad cathartic), but a plea to be realistic and not put yourself at higher risk than you need to.

  • People avoid password managers because they see an “all eggs in one basket” threat, and don’t understand (or believe) how small that threat really is and how using that basket significantly increases their overall security.
  • People avoid the various conveniences of “the cloud” because of rumors of AI training, even though we have yet to see any proof.
  • Passkeys make signing in more convenient AND more secure, yet people choose less convenient, less secure approaches because if they don’t understand it, they feel it can’t be secure.
  • People avoid any two-factor authentication because they fear SMS compromise, even though any two-factor authentication, including SMS, is demonstrably safer than no two-factor at all.

“Whataboutism” often leads to bad decisions.

Do this

I want you to be safe and secure, and I want you to use tech with as much confidence as possible.

If you’re truly worried about something or want to learn more, definitely ask “what about” questions.

But if you’re using those questions as a way to object, prove your superiority, or prove the experts (you know, the people that understand this stuff deeply) wrong, there’s a good chance you’re way off the mark. Most often, “whataboutism” signals a lack of understanding or a closed mind on display.


1 thought on “The Nirvana Fallacy”

  1. Using a computer and being connected to the internet is no different than driving an automobile. Both require a certain amount of knowledge to use safely and have elements of hazard in their use. How many people think “But what about..?” when getting into a car? They don’t because they know the risks, how to minimize them, and mostly know what to do when things go south.
    Using a computer online is no different. Learn the best practices and follow them. Learn how to use the tools available to improve security and convenience. Learn how to recover when things go awry.
    Yes, something might happen or could go wrong, but the same can be said about driving, which has far more serious consequences. (No backup to recover from)
