We had originally planned to go all-in on passkeys for ONCE/Campfire, and we built the early authentication system entirely around that. It was not a simple setup! Handling passkeys properly is surprisingly complicated on the backend, but we got it done. Unfortunately, the user experience kinda sucked, so we ended up ripping it all out...
  • Encrypt-KeeperEnglish
    12 hours ago

    Sure, and then that one password is compromised.

    Which means that entire service you used that password to login to is compromised. If you were using passkeys however, you would have nothing compromised.

    so if a service is breached, you’re basically as screwed with passwords as passkeys.

    No… with a passkey you would be not screwed at all. You’d be entirely unaffected.

    the security benefits are marginal in practice

    I mean in your own example that’s a reduction of 100%. That’s kind of a huge difference.