[megous]

Yes, valuing simple and thus very robust things that you can have full control over is somehow something that can just have the explanation you've given, and nothing else. :)

[stavros]

Passwords are definitely simple and robust. Unfortunately, they aren't secure, a property we generally want in our authentication methods.

[megous]

> ...unique passwords per account...

[stavros]

Still not secure enough, sadly. They can be captured, leaked, stolen, phished, etc, and that's if you use them correctly.

[megous]

Passkeys can't be stolen, got it. :)

[stavros]

Yep, hardware Passkeys can't.

[megous]

Physically impossible to just take someone's HW token. And firmware/HW has no bugs, so malware taking the keys is also impossible to write. There were never ever any FIDO token vulnerabilities and never will be.