The problems highlighted in the first section are optional however. Forcing a particular authentication / device attestation method isn’t a passkey problem, it’s a provider problem. They are free to do that today with or without passkeys. Equating passkeys = bad because of that feels harsh; it is like any scenario where bad actors behave badly with any given technology.
The problems highlighted in the first section are optional however. Forcing a particular authentication / device attestation method isn’t a passkey problem, it’s a provider problem. They are free to do that today with or without passkeys. Equating passkeys = bad because of that feels harsh; it is like any scenario where bad actors behave badly with any given technology.
Passkeys give them an excuse to block devices 'for security reasons ’