by AlbertVAustin 1240 days ago
> it passes the "your grandmother can use it" test IMO.

Indeed, but note that having the token is still rare. It'd be good if browsers exposed TPMs via WebAuthn since they're more common on consumer-grade hardware.

And also the "minor" thing that having only one strong authenticator makes it super-easy to lose your own data just in case the authenticator breaks, etc.

2 comments

> And also the "minor" thing that having only one strong authenticator makes it super-easy to lose your own data just in case the authenticator breaks, etc.

This is why I mentioned "esp with synced passkeys".

WebAuthn can use - but does not necessarily require - hardware-backed keys. iCloud passkeys are an example of an implementation of "soft" keys that are both transparently backed up and synced across the user's devices. Their interfaces are designed to make them difficult to leak (I'd imagine you'd need root+SIP turned off, or a really good OS bug), but are to my knowledge resident in device memory. This is a tradeoff for usability. Grandma is never going to be able to use YubiKeys to log into things, let alone set one up.

They do. At least Apple implements WebAuthn for Touch ID and Face ID on both its mobile and laptop platforms, using Safari.
Windows also has this; they call it "Windows Hello".