|
|
|
|
|
|
by michaelt
1086 days ago
|
|
|
> If your service associates a certain account to a certain public key, there's nothing an external cloud provider can do to solve the issue you describe. Without passkeys, if one of my users lost their "second factor" (e.g. lost phone) I had to provide a flow for them to get into their account despite that, while remaining secure. With passkeys, users can restore their "second factor" from a cloud backup, so long as they can get access to that cloud backup. Hence, my lost-second-factor flow is outsourced to the user's cloud provider. |
|
|