A big bet to kill the password for good

Rather interesting, but I think the real question is when existing systems will catch up.
For the most part the only real problem I’ve experienced with 2-factor authentication is exactly the one that they outlined. In fact, it was a key reason why I stopped using Google’s authenticator in favor of physical keys around Lollipop.
The notion of storing keys in a synced keychain also intrigues me. My password manager of choice is synchronized between devices, and I generally don’t worry about it because:
  1. Database is locally encrypted with a pass phrase. I’m not getting those back if I forget how to unlock the password manager.
  2. Local storage is typically an encrypted file system, and typically on a system where applications aren’t allowed to access each other’s files without permission.
  3. Synchronization is to remote storage that should be encrypted at rest and transferred over the wire at least as securely as HTTPS/TLS.
  4. Accessing that account requires 2-factor authentication, or an emergency code that is difficult to obtain over the network.