Dan Romero
@dwr.eth
Why Passkeys aren’t a panacea

1. Passkeys are password-less credentials built on WebAuthn. The OS companies — Apple, Google and Microsoft — are responsible for their implementation.
2. For most users, Passkeys are usually stored in the OS vendor's secure cloud, e.g. iCloud, to sync across devices.
3. This means that you need to have devices from the same ecosystem — a Mac and an iPhone — for sync to work.
4. Naturally, there are plenty of people with a different mobile device vs. computer.
5. Further, OS vendors have been inconsistent with the various features of Passkeys they implement, e.g. Apple did largeBlob and Google did PRF.
6. Would expect this to take a few more years at a minimum before all the consumer UX kinks are rolled out.
11 replies
5 recasts
67 reactions

vanishingideal
@vanishingideal
Sceptical of a future where cross-platform passkey sync and recovery is a thing. Especially where Apple is concerned.
1 reply
0 recast
1 reaction

Dan Romero
@dwr.eth
Apple is part of this working group. But agree that they won’t be super motivated. https://fidoalliance.org/specs/cx/cxp-v1.0-wd-20240522.html
0 reply
0 recast
2 reactions