The #1 issue as far as I'm aware is that there's no good story around portability. It sounds like using Passkey equals vendor lock-in right now.
Idk how representative this is, but there's been some criticism recently, and the response from some of the people behind passkeys implementation seem mostly dismissive of the criticism. I base this opinion after watching this 'debunking' video on the criticism of passkeys by some key players:
I was kind of surprised they sort of looked down on the people with concerns. I didn't really have a strong opinion about Passkeys, before watching this. But after watching, I got the impression they people behind Passkeys are probably smart as hell but perhaps not the best stewards of developing open standards and advocates for the general public.
Disclosure: I'm the author of the first blog post.
I think my personal biggest learning when developing passkey-based authentication is that there's a bunch of useful WebAuthn libraries for every major language / framework. However, these libraries only cover very basic uses cases to login and create a passkey. In real-life applications though there are so many scenarios (users deleting the private key of a passkey, users using non-passkey-ready devices, etc.) that require substantial work on your own and it's not really obvious when you start developing a passkey-based auth solution. It's something that most devs discover on the journey.
https://www.corbado.com/blog/passkey-implementation-pitfalls...
The #1 issue as far as I'm aware is that there's no good story around portability. It sounds like using Passkey equals vendor lock-in right now.
Idk how representative this is, but there's been some criticism recently, and the response from some of the people behind passkeys implementation seem mostly dismissive of the criticism. I base this opinion after watching this 'debunking' video on the criticism of passkeys by some key players:
https://www.linkedin.com/events/debunkingmisconceptionsabout...
I was kind of surprised they sort of looked down on the people with concerns. I didn't really have a strong opinion about Passkeys, before watching this. But after watching, I got the impression they people behind Passkeys are probably smart as hell but perhaps not the best stewards of developing open standards and advocates for the general public.