I'm not that enthusiastic about Google, Apple and Microsoft doing away with #passwords as an #authentication factor, because it's one of the few areas left on these platforms where people have some control over their own #security. #infosec https://puri.sm/posts/microsoft-ruined-passwords-now-aims-for-a-passwordless-future/
That said, I understand why *they* would be enthusiastic to move people to authentication methods rooted in their hardware that make you (and other vendors that integrate with it) dependent on them for authentication.
@kyle Both agree and not agree with you. Hardware based authentication mechanisms do have advantages and there are many open source (both software and hardware) projects out there that are FIDO2 compliant. So there is a way to go password-less without the need to buy into their hardware.
@ullgren It sounds like we agree. I like and appreciate methods like FIDO2 and think there is a place for all three kinds of factors in combinations dependent upon threat. What I am opposed to is completely eliminating one of the factors, especially when it's one that gives more control to the individual.
