I don't understood this. I keep not understanding this.
What's my basic authentication method to a site or system I can write down, backup, export or memorize? What happens if I go naked to a friend and want to use their devices to access my systems? What happens if I lose one or more of my existing devices? What happens if I get locked out of one or more of my devices? Basically am I the only one who doesn't think phone is my life and I don't want my life to be over if I lose my phone?
I feel like I'm in a twilight zone of phone dependencies. Already so many systems refuse to let me in if I don't have my phone with me due to sms 2fa I didn't ask for, even though I have dozen other devices and valid credentials. Now we just want to stop pretending and just lock me in to phone forever? My phone goes with me everywhere I go and is super likely to get lose broken or stolen. I don't want it to be a dependency to my online access.
> What's my basic authentication method to a site or system I can write down, backup, export or memorize?
There isn't one. This is by design. Logging into your bank or email provider will in the future require mobile device shenanigans that are either proprietary or so complex and opaque that you have no chance of "controlling" anything, or even really understanding what's actually going on.
The main lobby driving this forward consists of Google, Apple, and Microsoft. This should tell you all you need to know.
Which part of passkeys / Webauthn / FIDO requires a mobile device?
Unless you're using one of the proprietary desktop OSes then you have to use one of the proprietary mobile OSes.
https://developers.google.com/identity/passkeys/supported-en...