Passkeys are built on the FIDO2 standard (CTAP2 + WebAuthn standards). They remove the shared secret, stop phishing at the source, and make credential-stuffing useless.
But adoption is still low, and interoperability between Apple, Google, and Microsoft isn’t seamless.
I broke down how passkeys work, their strengths, and what’s still missing
No, thanks. I’ll keep using password+2FA and I hope that passkeys never become “mandatory”.
Thanks to our dystopian hellscape we live in it’ll become mandatory just like useless online ids. I hate having to explain passkeys to my family. Some fuckface suit who doesn’t use it properly pushed for a portfolio addition.
But what’s dystopian about passkeys? They are actually more secure than Password + TOTP. Phishing out a passkey is practically impossible.