<p><span class="h-card" translate="no"><a href="https://hachyderm.io/@dalias" class="u-url mention">@<span>dalias</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> <span class="h-card" translate="no"><a href="https://orbital.horse/@emma" class="u-url mention">@<span>emma</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@mcc" class="u-url mention">@<span>mcc</span></a></span> I can think of a couple of sites where I've been able to ditch SMS 1FA in favor of passkeys. it's slow going because the biggest problem with SMS 1FA is incompetent financial institutions, and that's a problem that the auth vendors can't solve.</p><p>I should note that there ARE people for whom device instability is so bad that they really shouldn't be using passkeys ( c.f. <a href="https://glammr.us/@jessamyn/113743765591001673" target="_blank" rel="nofollow noopener" translate="no"><span class="invisible">https://</span><span class="ellipsis">glammr.us/@jessamyn/1137437655</span><span class="invisible">91001673</span></a> ) and educating those folks is a big challenge. They're not perfect.</p>
