by bigiain 740 days ago
Same. I have a pair of Yubikeys that I have a quite strict process of management that I'm confident enough in. One lives in a "fireproof" lockbox, the other on my keyring - and I make decisions about whether to get the locked one out when activating 2FA immediately or wait til later based on the nature of the login I'm protecting. I will keep using this as long as needed until time and social media outrage (or lack of) proves out the effectiveness of passkeys over time.

A second Yubikey in a safe is a lower cost option than a second passkey compatible device...


What happens if both are lost? Homeless people often lose/are robbed of their possessions. Many people have abusive partners. Sudden destructive emergencies occur (house fire, night tornadoes, unfortunate simultaneous emergencies).

What is the recovery process and what prevents it from being gamed itself?

Sure, that's a risk.

But I bet those scenarios you've posited apply equally to the devices with your passkeys on em, right? I'm confident enough that between the one on my keyring in my pocket and the one in my lockbox at home, if I've somehow lost access to _both_ of those I've got more problems in my life than my gmail/github/whatever logins.

And the recovery process and gaming thereof questions apply equally to the passkey protected accounts as well, no?

Yes, the question is: what's a person to do in that case?

Particularly if they only have one device (a phone), and they lose it.

You rephrased my question, but didn't answer it.