| Passkeys are half baked as implemented and rolled out by apple and Google. Personally, I will never use them until apple and gooqgle can explain what the implications are across all their services and all my devices. For example, say I switch to passkeys for my Google login. How do I login to YouTube on my Roku device? If I buy into apple passkeys how do I log in to apple music on android? The answer to the above will always be via passwords. Personally I want one passkey for Google and one for apple on my yubikey and that's it and password backup for limited devices with password backup for login. The author is correct that requiring the cloud is asking for tons of trouble, but people that say they have to dig yubikeys out of a drawer are not yubikey users. Yubikey users attach them to Keychains or wallets because they ACTUALLY use them and keep backups of them. Personally, I think Apple's 2 factor is a joke and likely dangerous. I dont trust Google to not screw up passkeys either. |
The passkey does not have to be on the same device. It can be, but does not have to be. The Roku can display a QR code, and a passkey on a phone can perform the login. I logged into google on my windows laptop yesterday with a passkey on my iPhone. A prompt in chrome appeared basically asking “is your passkey on this laptop, or on a phone” and then displayed a code after I picked phone.
I hope eventually one of the major password managers implements Passkey support. I have Vaultwarden on all of my devices; I’d ideally love for Vaultwarden to store my passkey(s). It wouldn’t be any different from how I login currently, but with fewer passwords. There really isn’t much reason to stay locked into Apple or Google as far as I can tell.