From the article:<p>> Some months later a person took the stage at FIDO’s Authenticate conference and annouced “a passkey is a resident key”. Because of the scale and size of the platform, this definition has now stuck. This definition has become so invasive that even FIDO now use it as their definition.<p>> Part of the reason this definition is hyped is because it works with an upcoming browser feature that allows autocomplete of a username and webauthn credential if the key is resident. You don’t have to type your username.<p>> This now means that we have webauthn libraries pushing for residentkey as a requirement for all registrations, and many people will follow this advice without seeing the problem.<p>> The problem is that security keys with their finite storage and lack of credential management will fill up rapidly.