every time I look into webauthn I'm reminded that programmers are the definition of a useful idiot. having a cryptographic authentication standard should not rely on a user needing to have a goddamn yubikey (a thing that no one besides tech ppl own) or having their creds locked into a proprietary OS's TPM API. yes, it's technically more secure to do this, but if you can't implement something in software and have turbo-autism maximum security be an opt in feature, then you're effectively ensuring that we remain stuck with the classic email/password "standard" forever, which is not a standard and basically not secure in addition to then tying authentication to a user's identity via an email service provider we could live in a world where software is written to solve problems and make people's lives easier but no every single fucking thing is kneecapped by tech corporations and useful idiot technocrats who never think for a single fucking second about the social ramifications of what they're doing. this is a really benign example of the torture nexus phenomenon but like holy shit the tech industry can't even fucking just do things that would be a net positive and should be entirely apolitical after the revolution techbros will be thrown in a mass grave