> Because at the end of the day the ability to export your private keys and store them somewhere securely is the account recovery of last resort.
Or just have multiple passkeys for the same account. It doesn't matter if I lose the passkeys on my laptop because I've got other passkeys to those accounts on several other devices.
> Passkeys aren't HSMs -- the fact that you can sync them via your iCloud or Google account should dispel any such nonsense
Resident keys practically are HSMs, aren't they? None of my passkeys are backed up to a Google or iCloud account.
> If a warning message on export "Never share this with anyone. Even someone you trust. Even your IT department. There is no reason anyone but you should have access to this key.
In those conversations with people who should be experts I usually made a point to tell them to send me the public key and told them to never share the private. They still sent the public. People have been told to never share passwords either but I still often hear "yeah my password for this is blahblah123..." when asking for help.