

Go read the FIDO threat model if you want to understand how it protects against specific attacks. It is pretty secure.
https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-security-ref-v2.0-id-20180227.html
Is this buying Intel or Microsoft in the early 80s or is it buying AOL in the late 90s?
It is hard to do well, which is why I worry. Google probably has the best overall account security; you could do worse than modeling after them.
The short answer to your question is Passkeys. But you need a whole system of account recovery around them.
I love Lemmy and Voyager and the Fediverse. That said, if it were to become mainstream I foresee some problems. The fact that the login relies on only passwords is pretty terrible. Also, this makes the service vulnerable to bots, sock puppet accounts, brigading, etc.
It beats digging ditches.
Start building. It can take 5-10 years to complete.
I found the list of new things they are going to try interesting:
SOME IDEAS WE'RE KICKING AROUND INCLUDE: (A) TRYING TO INCREASE TRAFFIC SIMPLY BY HAVING ADS THAT SUCK LESS, (B) PUTTING MORE ATTENTION ON PATREON, (C) POSTING BOOK REVIEWS WITH BOOKSHOP.ORG AFFILIATE LINKS (FRANKLY, I WANT TO DO THIS ANYWAY), AND (D) FINALLY ADDING ALL THE MERCH TO THE STORE THAT A LOT OF YOU HAVE REQUESTED OVER THE YEARS.