A thing I just saw on the orange site: "WebAuthn seems to be designed by big businesses to take control of the authentication ecosystem."

-
-
Did you read the orange site comment he’s referring to? It’s a conspiracy because WebAuthn only supports hardware tokens not soft tokens. This is a mille feuille of valid orange site snark targets.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Your minor point is worthy but mis-targeted, FWIW: _lack_ of standardization of unphishable creds was leading everyone to centralize login on GSuite. I don’t know what the good target is. I’d recommend most clients centralize on GSuite. Everything is bad.
-
I never understood the difference between Oauth and phishing, to be honest, other than one was malicious. Certainly not well enough to explain it to people. But my ultimate point is: I hope you feel better!
End of conversation
New conversation -
-
-
My primary issue with this comment is that it (at best) misunderstands the WebAuthn specification to require hardware tokens (it does not) and then makes an assertion of bad faith based upon that misunderstanding.
-
When it comes to potentially privacy-harvesting technologies like WebAuthn, I think it is defensible to assume bad faith until proven otherwise. This makes a lot of people who work at the large companies and have pure intentions angry, but it is warranted by past conduct.
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.