(no title)

I agree!

> This does not tell me what a passkey actually _is_.

FAQ's [sic] - Passkey - What is a Passkey?

https://fidoalliance.org/passkeys/#faq

Third paragraph, second sentence

> "The cryptographic keys are used from end-user devices (computers, phones, or security keys) that are used for secure user authentication."

"The cyptopgraphic keys" is casually mentioned here with an implied reference to being passkeys. It never explicitly states passkeys are, in fact, "cyptopgraphic keys".

Very poor communication indeed.

Tell me about it. All of the terminology around FIDO is super confusing, and FIDO themselves make no effort to clarify or acknowledge the confusion.

Everyone (including Yubico) uses the terminology incorrectly in a way that makes it super hard to get to the bottom things.

I am a pretty technical user, and I would rather become a farmer than move to whatever "passkeys" are. Yubikeys or phones or whatever, I've had too many of these things go bzzzt, go missing, get wet, get broken, etc.

If a "passkey" is as reliable as my house key or car key, i.e. I can accidentally put it through a wash/dry cycle, then maybe. Maybe.

The nice thing about a username/password combo is I can remember them and use them everywhere. It's really straightforward. Whatever gimcrack method people use to implement "passkeys," does it work everywhere? Guaranteed?

I get it that there are some use cases where you need to have a hardware device, a passcode, a PIN and the blood of a left-handed virgin before you can access something, but those are edge cases. I almost never say this, but seriously, it would be easier and less troublesome to "educate users on the utility of passphrases instead of short passwords" than to make passkeys a thing.

>This does not tell me what a passkey actually _is_.

Right!

And that is why I submitted this on HN:

ELI5 Passkeys, Please:

https://news.ycombinator.com/item?id=36715358