Comment by xg15
11 hours ago
> What we actually need is for the WebAuthn spec to include a signal that tells credential managers "this passkey is load-bearing for encryption, not just auth" so they can surface appropriate warnings before deletion. Right now credential managers treat all passkeys identically.
This feels more like CYA/shifting the blame to me. If a service is designed so that I will lose all my data if I lose the passkey, then a "yo, don't lose that passkey, like, ever!" warning is the minimum, but doesn't solve the problem.
I found the initial suggestion "don't ever use passkeys for encryption of persistent data" more reasonable.
(Or what the sibling comment describes: design the encryption in such a way that there is an alternate key that could be used for decrypting.)