Passkeys are built on the FIDO2 standard (CTAP2 + WebAuthn standards). They remove the shared secret, stop phishing at the source, and make credential-stuffing useless.
But adoption is still low, and interoperability between Apple, Google, and Microsoft isn’t seamless.
I broke down how passkeys work, their strengths, and what’s still missing
OK, now think how nontechnical people will not be able to do it. They will be tied to Google/X-corp for all credentials, even government ones. Waiting to be banned if their social credit is too low.
Nontechnical people can use BitWarden/Keeper/Proton Authenticator/any other major system like that instead of self-hosting.
True. But I would say that this isn’t an issue intrinsic with passkey. Many people don’t have time/energy or the attitude to think critically about technology and are herded towards Google/X-corp/etc with offers of convenience and because they are often the only offered choice on the web sites. But from the POV of passkey they just act as a password manager.