OK, infosec pros: Is this the panacea so many are making it out to be? I understand the benefits, but I am concerned with the greater reliance on biometrics. Unless they bring back iris scanning on phones [pouring one out for my GS8].
//
Tech giants want to kill off passwords. Here's why they think passkeys will change the world, and what that means for you - ABC News
https://www.abc.net.au/news/2022-07-14/tech-giants-passwords-passkeys-apple-google-microsoft/101184382
I would feel much better if logins required entering a 6-digit pin AND biometrics on the device.
Given that this was pushed by FIDO, will there be open-source and platform-agnostic solutions, or will we all be locked into using Apple or Google phones for this?
Can there be an option not involving smartphones at all, such as current USB hardware keys?
In reading the FIDO spec. it calls for, and encourages open source, third party implementation. It also calls for supporting hardware keys and other non-biometric, authentication.
But the details are in the hands of Big tech to implement.
All in all... I believe this is a very good step.
@corlin @White_Rabbit
The biggest positive I think is (someday) putting password DB breaches in the past.