i like the idea if username/password with optional passkey as secondary …
ie “something i can keep in my brain”
mixed with “something a compute device can do”
having only a passkey doesn’t feel like it aligns to a “defense in depth” approach, which we’ve learned many times over is critical to surviving a single oopsy. someone gets access to your passkey manager (eg phone) then you’re fucked.
i like the idea if username/password with optional passkey as secondary … ie “something i can keep in my brain” mixed with “something a compute device can do”
having only a passkey doesn’t feel like it aligns to a “defense in depth” approach, which we’ve learned many times over is critical to surviving a single oopsy. someone gets access to your passkey manager (eg phone) then you’re fucked.
i’d like layers please!