Yeah, that’s definitely a legit concern. Passkeys are cool in theory phishing-resistant, easy to use, no need to remember stuff but in practice, they can feel like a bit of a trap if you don’t fully get how they work. The fact that they’re often locked into an ecosystem (like Apple or Google) means if you lose access to your device and don’t have a backup, you’re basically screwed.

It’s kinda like a password manager that you don’t even realize you’re using and that’s the sketchy part. At least with a password manager, you know where your stuff is and you can export it if needed. With passkeys, if the platform doesn’t offer good portability or recovery options, you’re in trouble.