Disclaimer: Corbado co-founder here. That passkeys (WebAuthn) as a standard can support different levels of security requirements in the future on a common ground is probably the best thing. Even with an unknown new passkey provider, that's still more secure for the average consumer on a broad scale, with legitimate passkey providers being 99.9% of the market. For regulated entities, that's an important area of extension. But even for banks, passkeys can easily replace the first factor, as phishing there is the biggest concern. I would argue that passkeys + SMS OTP for banking is probably far more secure than any other option currently available (even with the sad security of SMS OTP), just because consumers cannot voluntarily give their first factor away to phishing... Well, maybe not better than any option, but a lot of them.
I want to self-host my account credentials. Or more accurately, I absolutely do not want Apple | Google | Microsoft to be able to lock my account, and thereby lock me out of every other account. Especially as two of them have already done so.
If I could act as a passkey provider for myself, similar to how I can do that with SSH, then that’d be great. I do not comprehend why it’s not allowed, apart from being part of a further grasp for power by those companies.
Well, you can store your passkeys in a password manager like KeePassXC. An open-source password/passkey manager actually means more or less self-hosting your credentials as a third-party provider.