
> Nobody ever did the obvious thing of hooking this stuff up to biometric readers deployed by the billions in the form of phones using either photo recognition or fingerprint readers, laptop fingerprint readers, etc.

The last thing I want to expose to some random shady internet site is my photo or fingerprint.




If it's FIDO2, then you don't actually expose biometrics to the site. The verification is done on device and unlocks a key saved in the TPM/secure enclave.

Of course, once Face ID/Windows Hello logins on the web become a thing, web sites may trick users into enabling their regular camera instead, for whatever reason.


Just so it’s extra clear, once the key on your Secure Enclave is unlocked, it then decrypts the repository of passkeys on your drive and then sends that to connect to the service.


The photo or fingerprint never leaves your device ...


No solution on a PC or non-Apple laptops offers this. Apple and Android devices can because they have secure enclaves with the capability to do trusted analysis and attestation of fingerprints and photos, but no one else has the required technology and the required secure communication channels between the involved components.


You’re wrong. Multiple vendors have what Apple calls a Secure Enclave. On PC, it’s called the Trusted Platform Module and somehow the whole PC crowd has decided that thing is unequivocally the road to fascism.


Are you sure? I'm pretty sure I can use my fingerprint for Outlook.com login through Chrome on Windows 10.



