@jwz @timbray Last year I got scolded by a passkey developer for pointing out that for the huge majority of users, it's one-factor login and the factor is biometrics. So, not really very secure after all. But the dev was like, we put a lot of work into this so don't criticize it.