by cycomanic 532 days ago
It's interesting how many argue that putting 2FA codes into a password manager is wrong because you combine 2 factors into one (I don't fully agree with that reasoning), but then are happy with passkeys. How are passkeys better?
2 comments

Passkeys are 1 factor authentication.

They are often better than only using a password (merely due to the fact that most humans pick terrible passwords).

But using a password + 2FA generally is safer than passkeys. This is especially true if you use webauthn for 2FA, since now one of your factors is basically the passkey.

Passkeys aren't susceptible to phishing. 2FA TOTP is. Also, your seed/token can be trivially stolen from a password manager. Getting the passkey private key is somewhat more challenging.