You DON’T have to trust any company or government for passwordless authentication.
Don’t want to use your phone? Use a hardware key instead. Don’t want to use a hardware key? Use an open source solution like Bitwarden (and it’s not the only one).
At this point, you’re just making shit up about something you don’t understand.
> Don’t want to use your phone? Use a hardware key instead. Don’t want to use a hardware key? Use an open source solution like Bitwarden (and it’s not the only one).
You're ignoring the fact that WebAuthn can require attestation, which will remove device choice from the equation.
Yes, you can generate passkeys at will ... and then you give them away to a usb dongle or HSM, from which some day you might not be able to export them, because vendors love their locked in customers.
I am talking about control and yes, my concerns are speculation but reasonable to me, when you look at pretty much all the recent development. From not-WEI over DRM, to right to repair and on and on.
ris|2 years ago
You're ignoring the fact that WebAuthn can require attestation, which will remove device choice from the equation.
throwawayqqq11|2 years ago
> Nothing compares to the secrecy of password.
Because they are soley internal to you.
Yes, you can generate passkeys at will ... and then you give them away to a usb dongle or HSM, from which some day you might not be able to export them, because vendors love their locked in customers.
I am talking about control and yes, my concerns are speculation but reasonable to me, when you look at pretty much all the recent development. From not-WEI over DRM, to right to repair and on and on.