Yeah, it's one of the reasons I use a Microsoft account to collect the PC entitlements and then create a local user account that has a sane profile name and never touch the online account again.
1) force the type of passkey stores used (e.g. hardware vs software) when I am providing the passkey store
2) force me to MFA (e.g. forcing touch ID, entering pin or unlock password, etc) when attempting to use a passkey
I'll continue to stick to plain old boring password + TOTP. I fully understand the security trade-offs like phishing resistance but password + TOTP is secure enough for me.
Many/all? also need to have some form of manual input as a backup, so you're not forced to sync all your passwords to e.g. a library's computer just to log in, if your house burns down or something.
(1) is already true today. There is no way for services to enforce whether a passkey is stored in software or hardware.
(2) I understand you don't like the user experience. But to make a technical clarification: requiring a user action to prove there's a human involved in the login action (e.g. by clicking a button in UI or requiring Touch ID) does not necessarily mean there's another factor involved at all (MFA). What you are describing is more of a "liveness check" than a separate factor/separate credential.
(1) is already true today. There is no way for services to enforce whether a passkey is stored in software or hardware.
Challenge: Go and try to register a non-blessed passkey type with PayPal and come back and share your experience.
(2) I understand you don't like the user experience
Pretty much my complaint. Passkeys allow for service providers to do dumb things that result in terrible UX. With Password + TOTP, I don't get asked to touch a sensor, enter a PIN, enter an unlock password, etc.
The Radithor reference is of course quite apropos, and I'm a fan of effective and principled regulation to avoid that and numerous other market failures.
I had put it off for several years because everyone kept telling me how awful the prep was. My doctor kept pestering me to agree to do it so I eventually relented.
Turns out, I needed to go to the bathroom frequently during the day which was an annoyance but I never had anything close to an "accident" nor did I feel any strong urge to evacuate at night. So the whole experience turned out to be a huge nothing-burger and I had a few polyps that got sniped that weren't cancerous - so now I have peace of mind that I didn't have before.
This hit home for me. I spent about 6 months working exclusively with emacs to get past the "this is weird/hard because it is unfamiliar to me" stage. At the end of the experiment, I went back to using vim and IDEs.
My take personal takeaways from the experience:
1) capslock/ctrl switching is helpful in so many other areas - so I kept that
2) emacs is something you want to "live in" (e.g. learning to rely on eshell) if you want to really become proficient with it
3) emacs is something you have to be willing to tweak/adjust via elisp to suite your personal preferences if you want to really really really be proficient with it
2) I have eshell bound to a keybind, but I've never use it. I prefer shell-mode and shell-command. They make it easy to use cli utilities. TUI is something that I find myself no longer needing. And I've become so accustomed with the cli that the only two I'm using in a terminal is `less` and `top`.
3) I think the best way is to find some vanilla base config that will smooth out the rough parts, then, once you understand the internal concepts, tweak them to your liking. It's certainly a long term plan, but the pro is not having to wait on "features" from another company or group.
> I have eshell bound to a keybind, but I've never use it
For years, I had a similar feeling about it. And then I learned that in eshell you can pipe in and out of buffers. So you can for example grep the content of one buffer and pipe results into another. Or pipe the output of a command to a buffer, and you even can chain them pipes. That often comes extremely handy.
Same for my parents - one of their desktops that they were going to leave on Windows 10 needed to have tpm and secure boot turned on in bios and suddenly it was Windows 11 compliant.
I use powerline ethernet adapters to hook up the media center in the living room. They aren't super fast (~100 mbps) but they are so much more consistent than wifi.
What purpose outside abetting in avoiding a DUI is there for publishing a live map of DUI checkpoints?
That is easy to answer - letting law abiding citizens going about their personal business know that if they go through an area they are likely to be stopped and subjected to being searched by police without cause.
For me, I'll be replacing Windows with Linux on any machine that can't run Windows 11 in a supported fashion.
I honestly thought Microsoft would blink on this but I guess their leadership believes everyone is going to run out and buy an entirely new computer just to run Windows 11. My older parents (for example) aren't going to throw away their perfectly functional desktops/laptops and will instead continue to use Windows 10 with the attendant security risks (they won't pay $30 for security updates) unless I convince them to switch to Linux.
reply