by throwawayffffas 227 days ago
Oh my point is that their device attestation thing is security theater.

It's clearly just for getting that ISO certification.

It's a power play by the platform vendors.

The vendors are literally saying:

We now have this "security" feature and banks have to use it to be compliant and it only works on our platforms, so I guess you have to use our platform unless you want to be unbanked.

1 comments

I mean, I would agree that it's not a particularly useful thing for consumer-phone-bank use cases, but that doesn't mean the feature is bad (or harmful).

Just to be clear, no one is saying

> banks have to use it to be compliant

nor are they saying

> it only works on our platforms

As far as I know, if systems were to use attestation it would be in a lot of senses more open than what attestation is available today (in the sense that more devices could use it). But also I don't think anyone who works on passkeys is saying banks need to support FIDO attestation to be "compliant".