sure, you can use a passkey as a primary authentication, but only “a device” or “system”(keypass/1pass etc) knows the passkey detail.
with only passkey, if my passkey provider/ device is compromised then everything is lost. having single factor auth seems like a bad idea.
a password is something that I can know, so is still useful as a protection mechanism.
having two factor auth should include password and passkey, which seems entirely reasonable whilst also providing an easier path forward for people used to TOTP.
sure, you can use a passkey as a primary authentication, but only “a device” or “system”(keypass/1pass etc) knows the passkey detail. with only passkey, if my passkey provider/ device is compromised then everything is lost. having single factor auth seems like a bad idea.
a password is something that I can know, so is still useful as a protection mechanism. having two factor auth should include password and passkey, which seems entirely reasonable whilst also providing an easier path forward for people used to TOTP.