Passkeys are built on the FIDO2 standard (CTAP2 + WebAuthn standards). They remove the shared secret, stop phishing at the source, and make credential-stuffing useless.
But adoption is still low, and interoperability between Apple, Google, and Microsoft isn’t seamless.
I broke down how passkeys work, their strengths, and what’s still missing
its being pushed because corporations want to control your passwords with lock-in.
no way i’m using that garbage over my own manager with recallable plaintext passwords.
You can transfer passkeys between platforms? This is a non-issue
all at once? i don’t think so.
even then, corporate apps will always remove convenient features later for lock-in. i don’t fall for this shit anymore.