@trscavo @TheRegister No it doesn't. It attempts to in that you _should_ have a means for the fido2 device to auth the user (e.g a pin, thumbprint, whatever). But, when my dongle gets nicked, I'm then reliant on how good the dev manufacturer actually was. Passwords have their drawbacks but 1/2