[groovybits]

I see a lot of misinformation, or misunderstanding, of Passkeys in this thread.

I highly recommend reading Steve Gibson's notes on Passkeys from his Security Now! podcast episode #870: https://www.grc.com/sn/sn-870-notes.pdf (p. 10-13)

For context, Gibson developed, and completed, an entirely secure and working solution to the problem Passkeys aims to solve, called SQRL (which I argue is better than Passkeys in a few ways). He is familiar with this problem space, and explains Passkeys in a straightforward way.

You can find this full podcast episode on Twit.tv: https://twit.tv/shows/security-now/episodes/870

You can also find a full text transcript of the episode, transcribed by a human - by hand, here: https://www.grc.com/sn/sn-870.htm