Being a crotchety cynical old man, I try hard not to get my hopes up but I fear that Apple's Passkey has broken down my resistance. I really hope the Passkey concept gets implemented and universally accepted. And it isn't really for web site authentications.
If the institution has my public key they they could send me encrypted emails. Likewise, with just a tiny bit of sugar in Mail, Mail could fetch the institution's public key and I could send encrypted emails to the institutions. At that point, such things as bank statements and, indeed, stock transactions, EFTs, etc could be sent back and forth via email.
Why email? Email is one of the few universal store and forward technologies. Quicken (for example) could spew out an email to Big Bank, Inc that says "Pay the brothel $250". If Big Bank is down or I'm not connected to the internet or or or ... the email is stored on my laptop until it is able to get delivered. Likewise, when Big Bank sends me a statement, it would stay at Big Bank until it is able to be delivered. And there are existing mechanisms for time outs, bad addresses, etc.
The other step that this would allow is I think spam would quickly die. Unsigned emails would become extremely rare instead of the norm and it would be far more precise to filter based upon signatures rather than content. And phishing via email would be stopped. I still get legitimate emails from banks, etc with links in the emails which requires close scrutiny to make sure it is valid. If my email told me (as it does when you have encryption and keys turned on) that yes, indeed, this email really is from Big Bank, Inc based upon its signature with a big green checkmark in the upper right corner, (much like the lock icon in the browser's address window) I know the email really did come from Big Bank and not some imposture.
I'm hoping these ideas are already part of the WebAuthentication concepts or get added in.
If the institution has my public key they they could send me encrypted emails. Likewise, with just a tiny bit of sugar in Mail, Mail could fetch the institution's public key and I could send encrypted emails to the institutions. At that point, such things as bank statements and, indeed, stock transactions, EFTs, etc could be sent back and forth via email.
Why email? Email is one of the few universal store and forward technologies. Quicken (for example) could spew out an email to Big Bank, Inc that says "Pay the brothel $250". If Big Bank is down or I'm not connected to the internet or or or ... the email is stored on my laptop until it is able to get delivered. Likewise, when Big Bank sends me a statement, it would stay at Big Bank until it is able to be delivered. And there are existing mechanisms for time outs, bad addresses, etc.
The other step that this would allow is I think spam would quickly die. Unsigned emails would become extremely rare instead of the norm and it would be far more precise to filter based upon signatures rather than content. And phishing via email would be stopped. I still get legitimate emails from banks, etc with links in the emails which requires close scrutiny to make sure it is valid. If my email told me (as it does when you have encryption and keys turned on) that yes, indeed, this email really is from Big Bank, Inc based upon its signature with a big green checkmark in the upper right corner, (much like the lock icon in the browser's address window) I know the email really did come from Big Bank and not some imposture.
I'm hoping these ideas are already part of the WebAuthentication concepts or get added in.
