I thought passkeys were supposed to be a hardware device?
This is typical embrace/extend/extinguish behavior from the large platforms that don’t want their web-SSO hegemony challenged because it would mean less data collection and less vendor lock-in.
The whole idea of passkeys provided by an online platform should have been ruled out by the specification. It completely defeats the purpose of passkeys which is that the user has everything they need to authenticate themself.
I thought passkeys were supposed to be a hardware device?
Did you just admit to not even knowing what a passkey is and then decide to continue to write another two paragraphs passing judgement on them and the motives behind them anyway?
If you think that I’m misunderstanding something and arguing from a false premise then please feel free to engage with the discussion.
I don’t think that, you said that. It’s the very first sentence of your comment. You literally said that you misunderstood them to be hardware keys.
And yes, everything else you said is demonstrably false as well. The FIDO alliance and even specifically the companies within it that are pushing Passkeys the most, are advocating for them to be cross platform without any lock in. 1Password is one of the companies pushing for passkeys, they’re even behind the https://passkeys.directory and allow you to securely import and export passkeys so you aren’t locked in. They also made recent changes to the spec itself to make moving and owning passkeys easier. And that’s not even to mention the fact that Passkeys are just key pair, which don’t require any platform or technology to implement that isn’t built into your device.