[sholladay]

When you created the passkey, there was an option to store it on an external security key. It was probably some smaller text or a button towards the bottom of the confirmation dialog.

Since most users would prefer to store it in iCloud (or competitor) and have it synced to all their devices, that’s the default. But you can keep using external security keys in this new passkey-based world. You just have to opt-in to it.

And yes, I agree that external security keys offer better security, at the cost of a little convenience.

[tempnow987]

I've tried to use an a key on a device, but they DON'T seem to work everywhere. If I use an apple phone for my key, how does that work with Chrome on Windows or just for Windows logins?

If I'm using whatever windows is pushing (maybe INSIDE windows - so if they get my pin/password I'm hosed?) how does that work on my iphone or for Apple TV login?

The whole thing is a freaking mess. U2F or whatever came before was so easy by comparison. Seemed to work very well cross platform. If you had a NFC version you could bring it close to your phone and touch a button and voila - authenticated. Or plug into a computer and touch a button. And it seemed to work with Chrome / Windows etc etc.