I hope this makes U2F being more widely supported among services, but hope they leave passwd at least as an option so we can use it as 2FA, not to replace passwd entirely.
Exactly, I'm not really into using a smartphone to authenticate. I rather have the device itself (desktop/laptop) generating a one time password, see link: https://www.pcworld.com/article/322...wo-factor-authentication-from-your-phone.html
I wouldn't trust any of these new logins as long as they keep avoiding the obvious, using existing free technology. Send them a public key, when you login they send some data encrypted with it. Your private key decrypts it and sends it back. If the decrypted text matches what they sent then voila, you have to be the account owner while no password was ever sent anywhere and a browser add-on could automate all of it. Highly secure, one time login access because the encrypted text they send will be different every time. You can't get an easier, or more secure login option to implement than that. No new hardware just a software implementation of widely used existing technology. But they won't do it because every one of them that claims to be improving login security is a godamn liar and a deceitful petty criminal on a salary.
Worries arise about security of new WebAuthn protocol September 9, 2018 https://www.zdnet.com/article/worries-arise-about-security-of-new-webauthn-protocol/
Google Brings 2FA Fingerprint Support to Its Web Browser With Chrome Beta 70 September 14, 2018 https://gizmodo.com/google-brings-2fa-fingerprint-support-to-its-web-browse-1829065977 https://blog.chromium.org/2018/09/chrome-70-beta-shape-detection-web.html