Comment by dennysora

Security is important, security is important, security is important — I keep emphasizing this point. But for me, that statement only really applies to people who genuinely understand security. I personally bought two YubiKeys, understand the associated risks, and store my credentials on those YubiKeys. However, many people today do not realize the risks involved. They casually store these things in places like a keyring and then never manage them properly. That does not necessarily mean they are secure. On the contrary, it can become another kind of danger, because once you start using passkeys, the level of access and authority tied to them is significant. If they are lost or leaked, the consequences can be disastrous. I am glad to see that the industry is paying more attention to security, but at the same time, I believe these more specialized aspects should be aimed at people who actually have the relevant expertise. Passkeys do have a learning curve. For ordinary users, they often just click through a few prompts and end up binding themselves to a system without really understanding what happened. On top of that, with modern systems relying on encryption and TPM, once a computer runs into serious problems, many people simply have no way to recover their data. For the average user, 2FA is already sufficient.