Comment by packtreefly
4 months ago
There are some obvious, significant benefits I can think of off the top of my head:
- Passkeys give the website no secret to keep.
Breach of the passkey public key is not an event worthy of credential rotation.
- Passkey authentication is submitted via a rigorously-defined mechanism intended for machine-to-machine communication.
Ever had your password manager try to fill the wrong field with your login credentials? Passkeys cannot make that mistake. There's no heuristic mechanism at play trying to figure out where to insert the passkey.
- Passkeys are immune to credential theft via MITM.
Sure the MITM could hijack the session, but not the credential. (I know this one is a stretch, but you asked for anything)
An actual API to use when authenticating is a real advantage for Passkeys I hadn't considered.