Readit News
jaefi commented on Ask HN: What programming jobs are least likely to be disrupted by AI?    · Posted by u/div3rs3
jaefi · a year ago
Anything that requires more than a boilerplate (everything).
jaefi commented on Using FIDO keys   777.tf/blog/2023/12/08/us... · Posted by u/jaefi
throwawayqqq11 · 2 years ago
Your government ID card is not widely adopted as a method of authentication, I guess. This is where this new passkey approach comes in. My concern is that this new method might completely replace old-fashioned passwords. And once everyone is used to having a hardware token, the next step of only accepting or selling government-approved devices is a small one. This could ultimately make anonymity impossible. Because you don't control the hardware or the spec.

Imagine being required to have and use your govID for simply everything, because there is no alternative.

This is not a risk of secure authentication, which passwords can also provide.

$Corps loved to harvest phone numbers as a second factor even though a second fallback email address would be at least as secure as SS7 communication. But phone numbers are tied more strongly to your identity, so more valuable for the data brokers.

This is the same thing actually. Tying identity to something you have and not something you alone know. Something external.

Having a single external dependency for all your identities sounds like a good idea to you? For fascists and data brokers it certainly does.

To me, this is an attack on anonymity and I know that I sound paranoid. Let's wait for the enshitening.

jaefi · 2 years ago
You DON’T have to trust any company or government for passwordless authentication. Don’t want to use your phone? Use a hardware key instead. Don’t want to use a hardware key? Use an open source solution like Bitwarden (and it’s not the only one).

At this point, you’re just making shit up about something you don’t understand.

jaefi commented on Using FIDO keys   777.tf/blog/2023/12/08/us... · Posted by u/jaefi
DistractionRect · 2 years ago
That's actually what gives me confidence. All the hardware manufacturing problems almost ensure a v3 will be designed.
jaefi · 2 years ago
I meant more the lack of updates and communication doesn't really paint a bright future for Solokeys.
jaefi commented on Using FIDO keys   777.tf/blog/2023/12/08/us... · Posted by u/jaefi
guerby · 2 years ago
After looking at various keys and their features I chose basic FIDO2 with NFC with no storage or other fancy feature.

Keys with lots of features have a larger code base and this means more bugs in the long term.

I use my FIDO2 keys for proxmox, ssh ed25519-sk, vaultwarden, nextcloud, GAFAM accounts.

Unfortunately I know of no bank that has adopted FIDO2/webauthn.

Note: PayPal only allows one FIDO2 key AFAIK, so not an option there.

jaefi · 2 years ago
Looking at bank security is probably the saddest landscape around. Most will ask you for a PIN at maximum and then tell you it's not possible to have stronger authentication because of "safety".

I wish there were stronger laws forcing banks to adopt stuff like that.

jaefi commented on Using FIDO keys   777.tf/blog/2023/12/08/us... · Posted by u/jaefi
aidenn0 · 2 years ago
Yubikey 5 can only store 20, which isn't a whole lot better. Are there yet any readily available FIDO devices that can store 100s of resident keys (I have almost 400 logins in bitwarden)?
jaefi · 2 years ago
The new Google Titan keys can store hundreds; sadly not even sure if I can get one here.
jaefi commented on Using FIDO keys   777.tf/blog/2023/12/08/us... · Posted by u/jaefi
spiridow · 2 years ago
My colleague and I recently gave a workshop about security keys where we tried to answer questions like:

* Why should I use a security key?

* What is it used for?

* How can I choose one?

* What features should I look for?

We did cover FIDO2/Passkeys but also multiple other use cases.

Here are the slides if you're interested: https://tome.one/slides/amiet-pelissier-security-keys-worksh...

jaefi · 2 years ago
Oh that's interesting, thanks for linking it!
jaefi commented on Using FIDO keys   777.tf/blog/2023/12/08/us... · Posted by u/jaefi
DistractionRect · 2 years ago
I have a couple v1 Solokey Somus lying about. Good little devices. Unfortunately the main selling point of upgradeable firmware is moot if they no longer support the old devices and you have to upgrade. At that point they're like everyone else. Except they require some setup on some machines, whereas other keys "just work".

I've since replaced them with yubikeys. Yubikeys have a better feature set (at least compared to my v1's) and at this point are fairly mature/stable. V2 is still pitched as alpha quality, and probably will be deprecated with a v3. As much as I want Solokeys to succeed, I just can't recommend them either.

jaefi · 2 years ago
Given how the project is going, not even sure if there will be a V3 at some point.
jaefi commented on Using FIDO keys   777.tf/blog/2023/12/08/us... · Posted by u/jaefi
evanjrowley · 2 years ago
Cool article!

Sorry your SoloKey V2 experience isn't going so well. I have a V1 and it's been surprisingly robust over the past 3 years. For NFC, I can only get it working with my Pixel 7 phone if I remove the thick OtterBox case. Perhaps your issue is also related to your case thickness? Having to remove the case is a hassle, so I am sticking with multipurpose USB-A to USB-C adapters for now.

I've been using YubiKeys for like 10 years, but the 5C model I recently got suddenly stopped working out of nowhere. It only lasted me from October to November of this year. I've been wondering if the brand has had a quality drop-off.

Of the security keys in my possession, the Thetis U2F key has lasted the longest (~5 years) and has had no problems whatsoever. They've since released updated FIDO keys, and so I purchased 2.

Good luck on your hardware MFA journey!

jaefi · 2 years ago
Hey! For the NFC thing, I tried with and without a case and it seems the issue remains the same (maybe just a hardware failure). I must say I had more chances with NFC on my USB-C key, though it's still a bit jittery. On the other hand, the Yubikey's NFC works perfectly, even with the case.

Also I didn't know about Thetis, I'm gonna look into those.

jaefi commented on Using FIDO keys   777.tf/blog/2023/12/08/us... · Posted by u/jaefi
jaefi · 2 years ago
I wrote a small article about security keys. I hope y'all will like it.

u/jaefi

Karma: 35 · Cake day: June 19, 2021
About
Author at 777.tf