[anthony_r]

It's literally the opposite. You "must" have a cryptographic device (a dongle) that is only doing that one thing, authentication. Doesn't have a built in radio (unless for NFC, if you want it), doesn't have any microphone or camera, doesn't store any data beyond what's needed to authenticate, doesn't communicate except to authenticate - bi-directionally, so phishing is no longer a thing, or at least it's a lot harder.

It's very hard to make a privacy case against FIDO. Practically speaking it's one of the best things that happened to privacy&security since the invention of asymmetric cryptography. The deployment of this tech reduces phishing effectiveness to near zero, or in many cases literally zero.

[eMGm4D0zgUAVXc7]

> It's very hard to make a privacy case against FIDO.

With username and password, I have full control over my privacy in a very easy to understand fashion: If I randomly generate them I know I cannot be tracked (as long as I ensure my browser doesn't allow it by other means).

With those keys I have a opaque piece of hardware which transfers an opaque set of data to each website I use and I have NO idea what data that is because I do not manually type it in. I need to trust the hardware.

Sure, I could read the standard, but it very likely is complex enough that it is impossible to understand and trust for someone who has no crypto background.

And I also have no guarantee that the hardware obeys the standard. It might violate it in a way which makes tracking possible. Which is rather likely, because why else would big tech companies push this if it didn't benefit them in some way?

[anthony_r]

> Which is rather likely, because why else would big tech companies push this if it didn't benefit them in some way?

They switched to this internally a long time ago which basically eliminated phishing attacks against employees. There are security teams inside those megacorps that have a general objective of reducing the number of account takeovers, and non trivial resources to accomplish that. Not everything is a conspiracy.

Also, I am sure you will be able to stick to just passwords for a pretty long time while the world moves on to cryptographic authentication. I'm not being sarcastic here.

[matheusmoreira]

> There are security teams inside those megacorps that have a general objective of reducing the number of account takeovers

The same corporations that routinely intercept all network traffic.

[danuker]

> There are security teams inside those megacorps that have a general objective of reducing the number of account takeovers

Said security teams have at most zero incentive that the privacy of the policy subjects is preserved.

[raxxorraxor]

Yes, they also track the behavior of their employees. It is security for them and not for the user in many cases. In a perfect world those incentives align but they don't have to.

[judge2020]

> I need to trust the hardware.

With your password manager, you're trusting a lot more: the software of the OS and kernel, the software of the browser and its dependencies, the software of your password generator and your password storage. You also have to hope the developers and administrators of the website you're signing in to aren't storing your passwords in plain text (and I don't just mean in the database - overly-aggressive APM/logging might be storing POST request data in a log stream somewhere).

The only attack that's an issue for both passwords and security key-based sign-in is targeted attacks against a website, where they use your browser to execute malicious API calls to the website after you've signed in regularly.

[oynqr]

How about using one of the open hardware + open software security keys?

[pnt12]

I'm not familiar with FIDO, but passwords place a lot of effort into the user (must avoid repeating them, must avoid simple sequences, etc). After years of warnings, this has berely changed - people use lousy passwords and repeat them.

So I'm all up for considering different approaches.

[kccqzy]

I think you brought up something very important: explainability.

[stjohnswarts]

The primary case for FIDO is a company like google or apple revoking your access and they have no/limited ways of recovering your account.

[judge2020]

No. Google's power to lock people out of their website is already here with the prevalence of 'Sign in with Google'.

FIDO is unrelated; it works by having the browser/device itself sync the virtual security keys[0], much in the same way they sync passwords currently. That's the only thing changing here, giving people the choice (and encouraging them) to sign in via "what you have" instead of "what you know".

[raxxorraxor]

A password has every single one of these features and it isn't hard to make a privacy case against it at all.