I can kind of see it, but you can also just use an authenticator from any manufacturer, or have multiple types that you use? I'm just curious what I'm overlooking.
> I've encountered multiple sites that now use authenticatorAttachment options to force you to use a platform bound Passkey. In other words, they force you into Microsoft, Google or Apple. No password manager, no security key, no choices.
Passkeys: as if we didn't have enough ways Big Tech could deprive you of your digital life. Just say "hell no!"
What's the concern with using passkeys?
Not the OP, but I'd assume they are talking about 'direct' attestation mode creating vendor lock-in
I can kind of see it, but you can also just use an authenticator from any manufacturer, or have multiple types that you use? I'm just curious what I'm overlooking.
> I've encountered multiple sites that now use authenticatorAttachment options to force you to use a platform bound Passkey. In other words, they force you into Microsoft, Google or Apple. No password manager, no security key, no choices.
https://fy.blackhats.net.au/blog/2025-12-17-yep-passkeys-sti...
and more discussion here: https://news.ycombinator.com/item?id=46301585
Interesting, could you link me to some of those sites so I can investigate?