Can someone explain to me how using biometrics rather than a password/pin to protect from unauthorized access to your passkeys doesn’t violate the “something you have” and “something you know” principle of multi-factor authorization? Most of these implementations seem squarely geared at user convenience at the cost of actual security.
I would say this is a little too pessimistic. Legislation in the EU and California have both forced tech companies hands, it’s why we can download all our data and delete all our data (supposedly, doubtful in reality) on the large tech platforms. The issue I see is getting legislation that attaches itself to a standard controlled by the W3C. You are right that it won’t be something done by the US federal government though.
Nothing, amazon is a leech. Don’t use amazon.
I’d just skip OpenVPN altogether and get started with Wireguard or Headscale/Tailscale.
This one was huge for me. OpenVPN is pretty heavy with CPU overhead, where as wireguard is almost free. I was getting throttled due to the overhead of OpenVPN and roasting the CPU on my Netgear R6350 (it’s what I had lying around). With wireguard I get nearly the same speeds as without a VPN and my loads are very reasonable.
Also with weaker routers like mine, be wary of trying to use QoS, this will probably not help network congestion and instead become a bottleneck (like it did for me). This is where a beefy dedicated router really shines.
This assumes a pin is used, which according to the WebAuthn wikipedia page is not generally the case:
The way I read this, a pin is even too much for the end-user and biometrics replace it for usability.