by stavros 234 days ago
I've seen this argument many times, but I don't understand it. Can you explain a scenario where this would be an issue? So, Netflix makes me log in with a passkey that comes from their own hardware, instead of my password manager. What's the danger there, beyond the fact that this seems to me extremely unworkable because I'd just never sign in?

The danger is that you now can no longer use Netflix without their approved hardware? Of course, that's essentially already the case with Netflix, but this becomes dicey when services that actually matter take this approach.

And then suddenly you're debanked.

No, we're talking about logins, not usage. Can someone explain to me a case where logging in only with an approved authenticator would be problematic?

How exactly are you going to use a service that requires login if the login requires an authorized device you don't have?

OK, so what's the scenario? Netflix wants to make me not use their service? Surely there are easier ways to do that than to make a new auth standard?

It's not really Netflix. It's Microsoft, Apple and Google.

So say goodbye to using Teams on Linux. Using Microsoft 365 on any hardware that is not Microsoft approved.

Or logging in to your bank without an iPhone or an Android. We will surely complain, but the bank will say that we only support secure devices and that means iPhones and Android, and how come you are making a big deal about it, just buy one of these two, everyone else has one.

> Or logging in to your bank without an iPhone or an Android.

This is already possible (and common!): many banking apps, for better or worse, use device attestation features that require varyingly official copies of Android. Were you already complaining about this?