For Phishing Non-Enthusiasts Only (Score 1)

Passkeys solve the problem of someone phishing a user into giving them their password. Great. These potentially solve for 36% of data breaches as of 2023. However, Google and Apple want to make the device you're logging in from the same device as the passkey. They also don't allow an admin to turn passkeys off as a factor from the accounts admin console. This means that a thief who manages to grab an unlocked phone or a laptop from an unwitting mark has her device and entire login. Appreciating that this likely happens less than successful phish, it still happens a lot and its frustrating that they're leaving us so exposed. A stronger implementation would include a device opt-out/granular device select and something like a Titan physical key. Until then, I'd prefer to stick to my other factors except... I can't. This is forced on all users.