Some thoughts in support of simple solutions.

There is an ongoing trend in the industry to move people away from username and password towards passkeys. The intentions here are good, and I would assume that this has a significant net benefit for the average consumer. At the same time, the underlying standard has some peculiarities. These enable behaviors by large corporations, employers, and governments that are worth thinking about.

  • BCsven@lemmy.ca
    3·
    4 days ago

    Its why I have a Yubikey, the 2FA can be direct request of the device plugged in, or the OTP codes it generates. Being a separate hardware key means its not tied to my phone ID, or under a company “device wipe permissions” required