[jwcrux]

I hope they do. Wouldn't that be incredible? Having _native_ U2F/UAF built right into the browser.

The hard part is that there's another more subtle chicken and egg problem when it comes to software implementations and consumer HSM. Google/Apple/Microsoft will likely only really push forward native implementations when there is enough market share for consumer hardware having HSM's built in to make it worth it with feasible fallback options.

[jlgaddis]

It's too bad that TPM usage never really took off. TPMs would have (in theory) been great for this use case that U2F is addressing.

[mjg59]

Not entirely, since there's no easy way to tie physical presence to secret availability

[jimktrains2]

What happens when I need to log in on a new device?