by ylk 541 days ago
Find your phone: https://www.icloud.com/find/

Scanning a QR code: https://support.apple.com/en-us/102680

The time investment could even be worth it, since "Signing in with a passkey is three times faster than using a traditional password and eight times faster than a password and traditional MFA", according to the article.


Find your phone: https://www.icloud.com/find/

-> I have that turned off

Scanning a QR code:

-> My back-camera lens is shattered. Using the front is dodgy at best. I don't feel like I need to fork out for an upgrade as I use a digital camera if I want to take pictures.

What about those who don't use smart phones?

Register a passkey on a different device or get a hardware key or whatever. Or call Microsoft support and complain to them. This doesn’t feel like an honest discussion anymore.

It absolutely is a valid question. At the end of the day, the problem with passkeys is that they are explicitly negatives for common people.

Have a broken phone camera? Cannot scan QR codes.

Lost the phone? Cannot log into vital modern day accounts like email.

Your house burned down, and the passkey device with it? Say goodbye to literally everything.

Homeless (temporary or otherwise) persons, random local government sweep just trashes everything you own. Bye bye to the passkey again.

You're going to need some technology if you expect to interact with technology.

Right, but unlike a passkey, my password doesn't discriminate based on the device I use.

If my phone explodes like a Samsung surprise, and my laptop turns into a spicy pillow;

I can, in the worst case scenario, still log in via the local library PC.

I could borrow a device from a friend, or buy a second hand Thinkpad and use that.

That is, to my knowledge, not possible with a passkey device.

There are syncable and hardware-bound passkeys and you are free to use a password manager that syncs your passkeys. iPhones don’t even let you create a passkey with the built-in password manager if you have synchronisation disabled. I don’t know for sure if Google does the same but I expect them to.

If you’re remembering all your passwords there’s a good chance they’re terrible, you frequently re-use them or both. That really helps attackers e.g. when they use leaked passwords to run credential stuffing attacks on your employer.

You just wrote two comments bashing a technology you admit you didn’t properly educate yourself about.

The "how do you recover from zero devices" problem is a real one. It's not a problem at work because you have a root of identity and access to a human (your IT dept) who can reset you. For public services like Google, if you lose your recovery methods then go fuck yourself.

Something I know is the only authentication method that can't be physically destroyed. When your customers are the masses every failure mode that can happen will happen, usually at the most inconvenient time.

What sucks about passkeys in abstract is that you want at least two failure modes that are uncorrelated— you're unlikely to forget your password and have your house burn down at the same time. Passkeys consolidate everything into to physical possessions which can be and are destroyed all at once.