100% get your point and indeed agree. I think verification overall is pretty much tied to iOS/(Googled)Android so my (probably naive) hope is that physical token or passkeys that are NOT platform or service dependent gain traction. That’s why I got excited when https://github.com/keycloak/keycloak/issues/23656 was recently merged. I still have to test it but anyway more and more of the services I use online (self-hosted or not) are now behind “Log in with a device” and/or WebAuthN where I feel I can properly login, using e.g. YubiKey Bio or NitroKey, without anybody in the middle “owning” my identity or at least the verification step. I believe this is pretty much the “last battle” to have secure interactions without a central (commercial or not) actor in the middle that can use this to reshape our behaviors and interactions.