alt Hacker NewsEU should have mandated a user-facing authentication scheme using a random string as the only authentication factor for everything. Pretty much like the API tokens for contemporary enterprise software, except that they would be used by ordinary people and not by application developers.
And complement it with hardware tokens for highly sensitive applications.
Passkeys could have been that, but they were quickly subverted by the industry.
Replies
Tell me you’ve never supported a large userbase without telling me you’ve never supported a large userbase.
What’s the plan for supporting the 50,000 people a day who lost their random string? What’s the plan for supporting the other 50,000 a day who pasted it into a random website? Europe has a billion people.
But this does not allow tracking nor marketing, so why would they do that?