Arrowmaster 9 days ago

They are referring to the ability of a site you are logging into forcing you to use a client from a specific list or having a list of clients to deny.

It's copied over from FIDO hardware keys where each device type needed to be identifiable so higher tier ones could be required or unsecured development versions could be blocked.

jjani 9 days ago | parent | next [-]

This is what I was referring to, and we already have seen this happen in the wild with PayPal at one point (possibly still) blocking passkeys from e.g. Firefox. For now the argument against this seems to be that "Apple zeroes this out so service providers can't do it without risking issues for their many users who use Apple to store their keys", but clearly this is so precarious of a situation it may as well not be a thing. You can't depend on one trillion-dollar company not changing their minds on that tomorrow.
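The mechanism the two comments above describe, as an added illustration that is not part of either commenter's post: a relying party reads the AAGUID (the 16-byte authenticator model identifier) out of the WebAuthn authenticatorData returned at registration and checks it against an allow list or a deny list. The Apple case from the thread is the all-zero AAGUID, which a deny list passes but an allow list has to reject because the authenticator cannot be identified. The AAGUIDs, RP ID and credential ID below are constructed for the demo, and the AAGUID is only as trustworthy as the attestation statement that vouches for it, which this snippet does not verify.

```python
import hashlib
import struct
import uuid

# Flags byte of authenticatorData: bit 0 = user present, bit 6 = attested
# credential data (AAGUID, credential ID, COSE public key) follows the header.
FLAG_UP = 0x01
FLAG_AT = 0x40

# Providers that zero the AAGUID (the thread names Apple) make the
# authenticator model unidentifiable to the relying party.
ZERO_AAGUID = uuid.UUID(int=0)


def parse_authenticator_data(auth_data: bytes) -> dict:
    """Split WebAuthn authenticatorData into rpIdHash, flags, signCount and,
    when the AT flag is set, the AAGUID and credential ID. The COSE public key
    that follows is returned as raw bytes; decoding it is not needed here."""
    if len(auth_data) < 37:
        raise ValueError("authenticatorData shorter than the 37-byte header")
    parsed = {
        "rp_id_hash": auth_data[:32],
        "flags": auth_data[32],
        "sign_count": struct.unpack(">I", auth_data[33:37])[0],
        "aaguid": None,
        "credential_id": None,
        "public_key_cose": None,
    }
    if parsed["flags"] & FLAG_AT:
        if len(auth_data) < 55:
            raise ValueError("AT flag set but attested credential data is truncated")
        cred_len = struct.unpack(">H", auth_data[53:55])[0]
        cred_end = 55 + cred_len
        if len(auth_data) < cred_end:
            raise ValueError("credential ID length exceeds available data")
        parsed["aaguid"] = uuid.UUID(bytes=auth_data[37:53])
        parsed["credential_id"] = auth_data[55:cred_end]
        parsed["public_key_cose"] = auth_data[cred_end:]
    return parsed


def evaluate_aaguid_policy(aaguid, allow=None, deny=frozenset()):
    """Apply a deny list and an optional allow list to a registration's AAGUID.
    Returns (accepted, reason). An all-zero AAGUID cannot match an allow list,
    which is the lock-out the thread describes for users of zeroing providers."""
    if aaguid is None:
        return False, "registration carries no attested credential data"
    if aaguid in deny:
        return False, f"authenticator {aaguid} is on the deny list"
    if allow is not None:
        if aaguid == ZERO_AAGUID:
            return False, "zeroed AAGUID cannot be matched against an allow list"
        if aaguid not in allow:
            return False, f"authenticator {aaguid} is not on the allow list"
    return True, "accepted"


def build_sample_authenticator_data(aaguid: uuid.UUID) -> bytes:
    """Construct a minimal authenticatorData blob for the demo. This is not a
    real authenticator's output; the public key is a placeholder byte."""
    rp_id_hash = hashlib.sha256(b"example.com").digest()  # constructed RP ID
    header = rp_id_hash + bytes([FLAG_UP | FLAG_AT]) + struct.pack(">I", 0)
    credential_id = b"demo-credential-id"                 # constructed
    placeholder_key = b"\xa5"                              # stands in for a COSE key
    return (header + aaguid.bytes + struct.pack(">H", len(credential_id))
            + credential_id + placeholder_key)


# Constructed AAGUIDs standing in for a hardware key and a development build.
HARDWARE_KEY_AAGUID = uuid.UUID("11111111-2222-3333-4444-555555555555")
DEV_BUILD_AAGUID = uuid.UUID("deadbeef-0000-0000-0000-000000000000")


def demo():
    """Run three registrations through an allow-list and a deny-list-only policy."""
    allow, deny = {HARDWARE_KEY_AAGUID}, {DEV_BUILD_AAGUID}
    results = {}
    for name, aaguid in [("hardware key", HARDWARE_KEY_AAGUID),
                         ("dev build", DEV_BUILD_AAGUID),
                         ("zeroed provider", ZERO_AAGUID)]:
        parsed = parse_authenticator_data(build_sample_authenticator_data(aaguid))
        results[name] = {
            "allow_list": evaluate_aaguid_policy(parsed["aaguid"], allow=allow, deny=deny),
            "deny_list_only": evaluate_aaguid_policy(parsed["aaguid"], deny=deny),
        }
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Running it shows the asymmetry the thread is arguing about: a deny list blocks only the named development build and lets the zeroed provider through, while an allow list rejects the zeroed provider along with everything else it does not recognise.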

reginald78 9 days ago | parent [-]

Even with the current flimsy "What about iPhones?" defense against attestation, is there anything stopping say Microsoft from just forcing you to install a different app to use Microsoft services?

bux93 9 days ago | parent | prev [-]

It's like DRM: it will annoy legitimate users and keep them from obviously legit use cases, and be circumvented by people who are motivated.

anonymars 9 days ago | parent [-]

Thanks, yes, I see this just came up in a similar comment thread (https://news.ycombinator.com/item?id=44823752)

What a crock, to not bother coming up with a way to make passkeys portable and then threaten to ban providers who actually thought about how humans might use them in the real world