Passkeys are built on the FIDO2 standard (CTAP2 + WebAuthn standards). They remove the shared secret, stop phishing at the source, and make credential-stuffing useless.
But adoption is still low, and interoperability between Apple, Google, and Microsoft isn’t seamless.
I broke down how passkeys work, their strengths, and what’s still missing
And they can be hardware based as well. I have a cheap Yubikey USB dongle, which works as a passkey vault as well. Completely OS independent.
Yeah I have a few of those for the most secure stuff. Hard to beat! The USB-C one is the newest and I debated the choice but damn these days it’s great how it works with everything.