Passkeys are built on the FIDO2 standard (CTAP2 + WebAuthn standards). They remove the shared secret, stop phishing at the source, and make credential-stuffing useless.

But adoption is still low, and interoperability between Apple, Google, and Microsoft isn’t seamless.

I broke down how passkeys work, their strengths, and what’s still missing

  • Passerby6497@lemmy.world
    1 hour ago

    Your passkeys aren’t synced to anything, so the passkey is no different than your password hash. They’re device locked unless you use something like Bitwarden, so you’re no more dependent on American mega corps than you are right this second.

    I’m wrong.

    • kjetil@lemmy.world
      1 hour ago

      Don’t they all sync to the respective cloud services?
      iOS vault -> synced with Apple cloud?
      Android vault -> synced with Google cloud?
      Windows Hello -> synced with Microsoft account?

      And if they’re not synced, that’s even worse. Lose your device and lose your account. Or keep track of which of your 5 devices have keys for which of your 150 accounts

      • Passerby6497@lemmy.world
        1 hour ago

        Well shit, you’re right. I must not have been paying attention when they updated them to include that
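
Added example, not part of the post or of any comment above: a relying party can answer the "synced or device-locked?" question per credential from the WebAuthn authenticatorData header, whose flags byte carries the backup-eligible (BE) and backup-state (BS) bits, and the same header holds the RP ID hash that binds a response to one site. The function names and the `example.com` RP ID are assumptions, and the sample bytes are constructed.

```python
import hashlib
import struct

# Bits of the authenticatorData flags byte (WebAuthn Level 3).
FLAG_UP = 0x01  # user present
FLAG_UV = 0x04  # user verified
FLAG_BE = 0x08  # backup eligible: the credential is allowed to sync
FLAG_BS = 0x10  # backup state: the credential is currently backed up


def classify_passkey(auth_data: bytes, expected_rp_id: str) -> dict:
    """Parse the fixed 37-byte authenticatorData header as a relying party would."""
    if len(auth_data) < 37:
        raise ValueError("authenticatorData is shorter than its 37-byte header")
    rp_id_hash, flags = auth_data[:32], auth_data[32]
    (sign_count,) = struct.unpack(">I", auth_data[33:37])
    be, bs = bool(flags & FLAG_BE), bool(flags & FLAG_BS)
    if bs and not be:
        raise ValueError("BS set without BE: reject the response")
    if not be:
        storage = "device-bound"
    elif bs:
        storage = "synced"
    else:
        storage = "sync-eligible, not backed up"
    return {
        # The authenticator hashes the RP ID it signed for; a response produced
        # for a look-alike domain fails this comparison.
        "rp_id_matches": rp_id_hash == hashlib.sha256(expected_rp_id.encode()).digest(),
        "user_present": bool(flags & FLAG_UP),
        "user_verified": bool(flags & FLAG_UV),
        "storage": storage,
        "sign_count": sign_count,
    }


def sample_auth_data(rp_id: str, flags: int, sign_count: int = 0) -> bytes:
    """Constructed test input, not a capture from a real authenticator."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", sign_count)


if __name__ == "__main__":
    rp = "example.com"  # assumed relying-party ID
    for label, flags in [("BE+BS set", 0x1D), ("BE+BS clear", 0x05)]:
        print(label, classify_passkey(sample_auth_data(rp, flags), rp))
    # Header built for a different RP ID: the binding check fails.
    print(classify_passkey(sample_auth_data("examp1e.com", 0x1D), rp)["rp_id_matches"])
```

The header alone proves nothing until the assertion signature over it has been verified with the stored public key; this block covers only the parsing step.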