"Passkeys, on the other hand, can’t be stolen or forgotten. They’re strings of letters and numbers that are unique to your account, stored on your device or in a safe cloud environment. You don’t need to memorize them — they’ll automatically unlock your accounts when you go to log in."
What prevents passkeys from being stolen or copied?
Can you export or back up your passkeys? Can you arbitrarily expire a passkey and re-key where it was being used?
If you cannot, then they are not your passkeys--they belong to Apple, Google, Microsoft, etc., and they have locked you into their ecosystem.
If you don't control your passkeys, what stops those who control "your" passkeys from using them without your permission?
"can’t be stolen or forgotten. They’re strings of letters and numbers that are unique to your account, stored on your device or in a safe cloud environment"
Can't be stolen, but are stored on a device that could be stolen? How do I then authenticate myself? If they're stored on my phone, then they're only as secure as the authentication mechanism I use on my device. What if I need to access my Apple account because I lost my device, if I've lost my device that the key is stored on that I can't remember?
Stored in a safe cloud environment, geez, where have I heard that before?
If I don't know what they are and where they are, then how can I control them? How do I authenticate myself to my account without having something on myself that's either remembered or something I have that could be stolen?
If this isn't something I can really control or recover myself from, then I am worried about the idea of asking Microsoft for help if I am locked out.
If we come back to the basic principles of an authentication mechanism, that is, something you have, something you are and something you know, where does this fit in?