Personally I think this is a huge breakthrough that brings huge phishing resistance to billions of people's accounts.
While it's good to be suspicious of something as critical as authentication, particularly coming from a big tech alliance, what about the positives?
Consider the number one issue for most people is still phishing, and under this system there's no password to be phished anymore. Also consider that this system is likely using Bluetooth for the PC to phone challenge/response, avoiding current issues with passwordless MFA apps (i.e. Microsoft's right now) where the user could still be social engineered to confirm a logon by a remote attacker. The Google smart lock app works like this today using BT and FIDO, so we know it works.
Plus the core tech is, from what I can tell, just tried and tested asymmetric crypto, with the private key on your phone. The public key is registered on every web service you want to use it on. Second factor is the phone PIN/Biometric. Sure, Apple will let you store the key in iCloud, but we aren't talking standard iCloud backup here, this is iCloud Keychain where it's protected by your device passcode which Apple does not know. And if none of this is for you, just use a Yubikey, it's the same tech. And if you do choose to use it, while you are at it, add several Yubikeys as backups to every service, that's standard practice and how it works now.
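The challenge/response flow the comment above describes (private key on the phone, public key registered per service, PIN/biometric as second factor), worked through as an added Go example that is not the commenter's code and not any FIDO/WebAuthn library's. It is a deliberately simplified model: the `ClientData` layout, the `SHA-256(SHA-256(rpID) || SHA-256(clientDataJSON))` signing input, the relying party ID "bank.example", the attacker domain "evil.example" and the user "alice" are all assumptions made for illustration. The browser's rule that a site can only request credentials scoped to its own domain is simulated by whoever calls `Assert` passing the rpID derived from the origin the client actually sees. The point it shows is where the phishing resistance comes from: a phishing site gets no credential for its own domain, and even a relayed challenge fails at the real service because the origin is bound into what was signed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// ClientData is an assumed, simplified stand-in for WebAuthn's clientDataJSON: challenge plus the origin the client saw.
type ClientData struct {
	Challenge []byte
	Origin    string
}

// signedMessage is what the authenticator signs: SHA-256(SHA-256(rpID) || SHA-256(clientDataJSON)) (assumed layout).
func signedMessage(rpID string, cd ClientData) []byte {
	cdJSON, _ := json.Marshal(cd)
	rpHash, cdHash := sha256.Sum256([]byte(rpID)), sha256.Sum256(cdJSON)
	sum := sha256.Sum256(append(rpHash[:], cdHash[:]...))
	return sum[:]
}

// Authenticator models the phone or YubiKey: one non-exportable private key per relying party ID.
type Authenticator struct{ keys map[string]*ecdsa.PrivateKey }

// Register mints a P-256 key pair scoped to rpID and hands back only the public half.
func (a *Authenticator) Register(rpID string) *ecdsa.PublicKey {
	var err error
	if a.keys[rpID], err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader); err != nil {
		panic(err) // no usable entropy: nothing sensible to continue with
	}
	return &a.keys[rpID].PublicKey
}

// Assert signs only if a credential exists for rpID and the PIN/biometric (second factor) passed.
func (a *Authenticator) Assert(rpID, origin string, challenge []byte, userVerified bool) (ClientData, []byte, error) {
	cd := ClientData{Challenge: challenge, Origin: origin}
	priv, ok := a.keys[rpID]
	if !ok || !userVerified {
		return cd, nil, fmt.Errorf("refused: credential for %q present=%v, user verified=%v", rpID, ok, userVerified)
	}
	sig, err := ecdsa.SignASN1(rand.Reader, priv, signedMessage(rpID, cd))
	return cd, sig, err
}

// RelyingParty is the web service: registered public keys plus one-time challenges.
type RelyingParty struct {
	id, origin string
	pubKeys    map[string]*ecdsa.PublicKey // username -> public key
	pending    map[string][]byte           // username -> outstanding challenge
}

func (rp *RelyingParty) Challenge(user string) []byte {
	c := make([]byte, 32)
	rand.Read(c) // crypto/rand.Read never returns an error as of Go 1.24
	rp.pending[user] = c
	return c
}

// Verify rejects unknown users, replayed challenges, wrong origins and bad signatures.
func (rp *RelyingParty) Verify(user string, cd ClientData, sig []byte) error {
	pub := rp.pubKeys[user]
	want, ok := rp.pending[user]
	delete(rp.pending, user) // each challenge is single-use
	if pub == nil || !ok || string(want) != string(cd.Challenge) {
		return errors.New("unknown user, challenge mismatch or replay")
	}
	if cd.Origin != rp.origin {
		return fmt.Errorf("origin %q is not %q: the client was not on the real site", cd.Origin, rp.origin)
	}
	if !ecdsa.VerifyASN1(pub, signedMessage(rp.id, cd), sig) {
		return errors.New("signature does not verify under the registered public key")
	}
	return nil
}

// Demo: one legitimate login, then a phishing site scoped to its own domain (no key), then a relayed challenge with the wrong origin.
func Demo() (legit, phishNoCred, phishBadOrigin error) {
	phone := &Authenticator{keys: map[string]*ecdsa.PrivateKey{}}
	bank := &RelyingParty{id: "bank.example", origin: "https://bank.example", pubKeys: map[string]*ecdsa.PublicKey{}, pending: map[string][]byte{}}
	bank.pubKeys["alice"] = phone.Register(bank.id) // enrollment: only the public key leaves the phone
	login := func(rpID, origin string, c []byte) error { // one end-to-end login attempt
		cd, sig, err := phone.Assert(rpID, origin, c, true)
		if err != nil {
			return err
		}
		return bank.Verify("alice", cd, sig)
	}
	legit = login(bank.id, bank.origin, bank.Challenge("alice"))
	c := bank.Challenge("alice")
	phishNoCred = login("evil.example", "https://evil.example", c)
	phishBadOrigin = login(bank.id, "https://evil.example", c)
	return
}
```

`Demo()` returns nil for the legitimate login and a non-nil error for both phishing attempts. The second attempt is the interesting one: the attacker has the bank's genuine challenge in hand, and the authenticator does produce a valid signature, but the origin it signed over is the attacker's, so the bank refuses it. Nothing the user can type or approve hands over a reusable secret, which is the property the comment is pointing at.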