[stavros]

Oh huh, I stand corrected. I thought passwords were easy, but, thinking about it, I've had lots of trouble trying to figure out which password I've used for each site.

I can definitely believe passkeys are easier, in light of that.

[90-00-09]

Personally I think that’s the best selling point of passkeys. Most non-tech people don’t use password managers and have to memorize passwords, reset frequently passwords they can’t remember, etc. Security is way harder to sell than convenience.

Saying that, I am struggling to understand what is the expectation for ordinary user behavior in terms of hardware-tied credentials. Eg so many people upgrade their iPhone every 1-2 years. If passkeys are not transferred to the new phone, what is the industry suggesting people do?

[stavros]

Passkeys are Google-synced WebAuthn keys, so there's no such thing as hardware-tied passkeys. If you want to use hardware WebAuthn keys, you should know what you're doing.