
The article is wrong: users copy passwords from their password manager into the website if the autofill doesn't work => phishing. Can't do this with passkeys.

Agree with your other points, the whole passkey story is still undeveloped and unclear.



There are many non-phishing times my password manager fails to autofill. That’s a problem, as it does lead people to get lazy. However, it will show the login, that I’m on the right site, it just won’t fill it. In these situations, I do end up copy/pasting it in. It’s my only option. If passkeys break in this way, for whatever reason, you’re just screwed.

There are also times when companies change their URL. Or their app uses a different URL for their auth API than the website URL. If it’s obvious, the new URL can be added to the password manager to fix this. If it’s an API the user can’t see, this is much more difficult; especially if using a 3rd party password manager, it’s basically impossible. The only thing that made me aware of this was when Apple introduced their password management and I could see all the login data it saved from various apps. All kinds of URLs that were otherwise invisible to me.

What happens to a passkey in this case? Make a new account, start over?



