I've been using FIDO with a hardware token (yubiko) for years and it brings game changing usability and security to sites that implement it. It is also now supported on mobile devices using NFC to communicate between websites and the same hardware token, I'm not sure why the HSM in modern mobile devices couldn't also play this role. This new company sounds like they're just bringing middleware for weaving together the ugly authn world that corps deal with, a la Auth0.
There are a few problems in the general identity space, and I think penetration is the largest. The most important attribute in an identity system isn't authentication, it's trust, and almost nobody is trying to build a system that includes it. Thawte's Web-of-trust was an interesting attempt, but because of the number of users it never got large enough to work as intended.
The honest truth is that normal people just don't give a shit about security, and in a lot of ways they really don't need to. If more people cared, PGP wouldn't be the pinnacle of our p2p PKI systems. It doesn't matter much anymore anyway, the internet that most people use these days is just a sterilized corporate and government propaganda tool where your identity is used primarily to track and profile you.
Biting the hand that feeds IT
