I believe security keys are the offline version of passkeys you're looking for.
I am afraid that websites will somehow disable support security keys and only support passkey implementations from big tech (similar to how websites only offer signin with google, fb , etc).
Can someone clarify if WebAuthn protocol allows for this filtering against hardware authenticators?
I wouldn’t be surprised if you’re right, but I think it’s not all bad to only use auth from big tech - I don’t know if I trust most small companies to implement uname/password auth correctly. Most users recycle passwords too so a leak is really bad.
I think the reason to only support big tech passkey auth is because users (at scale) can’t be trusted to keep track of their hardware keys.
I am afraid that websites will somehow disable support security keys and only support passkey implementations from big tech (similar to how websites only offer signin with google, fb , etc).
Can someone clarify if WebAuthn protocol allows for this filtering against hardware authenticators?