Comment by dariosalvi78
20 days ago
I think that the answer are vendor-independent standards.
The main issue being solved here is that security relies heavily on those actors like Google and Apple. Banks, companies etc. have high security requirements (rightly so) and basically need to tick boxes. So if the only way to obtain, say, MFA, is through something only Goole/Apple provides, they will require Google or Apple devices.
If we had reasonable standards alternatives can become a reality.
That's not really going to fix anything here.
The reason a big company can do this is because they can absorb big liability risk and insure it appropriately.
A standard can't do that.