I suspect this is why Microsoft is forcing users into it. Not that I agree with or am defending that decision.
I can’t stand being forced into magic link email logins which are designed to also deal with phishing. Takes longer to log in compared to Passwords+TOTP or Passkeys and email isn’t exactly private for the majority.
They aren’t magic. It’s the same cryptographic signature primitive seen in applications like PGP or blockchains/cryptocurrencies.
I agree that to most users they feel magical and are more difficult to reason about. You still “have” a private key stored on the device, but it’s invisible to the user, so it’s not something you “know”.