I'm not that enthusiastic about Google, Apple and Microsoft doing away with as an factor, because it's one of the few areas left on these platforms where people have some control over their own . puri.sm/posts/microsoft-ruined

That said, I understand why *they* would be enthusiastic to move people to authentication methods rooted in their hardware that make you (and other vendors that integrate with it) dependent on them for authentication.

Show thread

@kyle Both agree and not agree with you. Hardware based authentication mechanisms do have advantages and there are many open source (both software and hardware) projects out there that are FIDO2 compliant. So there is a way to go password-less without the need to buy into their hardware.

@ullgren It sounds like we agree. I like and appreciate methods like FIDO2 and think there is a place for all three kinds of factors in combinations dependent upon threat. What I am opposed to is completely eliminating one of the factors, especially when it's one that gives more control to the individual.

Sign in to participate in the conversation
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml