Totally - it's super confusing! Apple actually seems to let me plug my passkey into my device (including my phone) and then it works. But I'm not native apple - all my work stuff is Windows / Linux etc. And passkey is garbage there. I think even bitwarden is trying to hijack the passkey now. How is this a second factor? If my vault password is taken, and the passkeys are in the vault - then aren't you screwed.The whole point of a little yubikey is that if someone gets my password, they also have to get the yubikey. The chances of that, while not zero, are MUCH smaller. And then I can do a little recovery envelope with a yubikey in it as a backup.
No comments yet.