Passkeys are built on the FIDO2 standard (CTAP2 + WebAuthn standards). They remove the shared secret, stop phishing at the source, and make credential-stuffing useless.
But adoption is still low, and interoperability between Apple, Google, and Microsoft isn’t seamless.
I broke down how passkeys work, their strengths, and what’s still missing
Instead of saying how it doesn’t work, it’d be more constructive to explain how it does.
Seems a little redundant when the article we’re all commenting on does precisely that.
You mean like… the article you’re commenting on does?