I'll say it again for the people in the back: With Security Keys, instead of the *user* needing to verify the site, the *site* has to prove itself to the key. Security is as much about human factors as cryptography; we have to take the onus off of the user as much as we can. 12/
