>FIDO weakens security by limiting authentication to just something you have (a device/USB token) and something you are (biometrics) while throwing out the requirement for something you know (a password).
Not necessarily. The specific implementation being talked about in the article is to use your phone as your FIDO device, and your phone has to be unlocked. So the "something you have" is your phone, and to unlock it, you can either use "something you are" (biometrics via Face ID or fingerprint), or you can have a PIN/password on your phone to make it "something you know".
I wouldn't be surprised (and I would hope) that the FIDO app or feature on phones would also come with the ability to restrict it via PIN/password even if your phone unlocks via biometric.
I agree there are implementations that would be more secure, but they'd still require a password (even a weak version of one via 4-digit PIN) and at that point we might as well just unlock our phones and click on the icon for a password manager.
The dream of a life without passwords sounds great, but I don't think FIDO can get us there, and if it can't, we have to think about whether or not the extra convenience we can get from FIDO is worth what it would cost us in terms of all the data and control we'd be handing over to 3rd parties.