When I initially read about passkeys, I understood they'd replace the email/password flow.<p>However, I have been using passkeys (when I can) with 1Password and so far my experience is that they "just" replace TOTP that were already pre-filled by 1Password anyway. So in terms of UX there is not a big gain.<p>I guess that the current advantage is that passkeys are cryptographically secure, while in theory 1Password TOTP auto-fill is based on just matching domain names.<p>Am I missing something here?
They can be. Depends on how they are implemented.<p>Passkeys can:<p>- Replace the whole login (including discovery of the user id)<p>- Just replace the password, after a user specified a user id<p>- Be used as a second factor just like TOTP<p>They are definitely more phishing resistant for what it’s worth, even if just used for MFA. TOTP codes can be copied manually by an unsuspecting user.
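An added illustration of the phishing-resistance point in the reply above (not code from either commenter): a TOTP code depends only on the shared secret and the clock, while a WebAuthn assertion carries the origin written by the browser and a hash of the RP ID, both of which the server checks. The RP name, secret and challenge are constructed, the RP ID is modelled as the page's host, and signature verification with the credential's public key is assumed to have already passed.

```python
import base64, hashlib, hmac, json, struct

RP_ID, EXPECTED_ORIGIN = "example.com", "https://example.com"  # constructed RP
TOTP_SECRET = b"constructed-demo-secret"                       # constructed secret

def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): nothing in it names the site it is typed into."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def server_accepts_totp(code: str, now: int) -> bool:
    return hmac.compare_digest(code, totp(TOTP_SECRET, now))

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def browser_assertion(page_host: str, challenge: bytes):
    """Fields the browser and authenticator fill in; page script cannot set them.
    Simplification: the RP ID is taken to be the page's host."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": "https://" + page_host}).encode()
    return client_data, hashlib.sha256(page_host.encode()).digest()

def server_accepts_assertion(client_data: bytes, rp_id_hash: bytes,
                             challenge: bytes) -> bool:
    """Origin-binding checks only (signature check assumed done beforehand)."""
    data = json.loads(client_data)
    return (data.get("type") == "webauthn.get"
            and data.get("challenge") == b64url(challenge)
            and data.get("origin") == EXPECTED_ORIGIN
            and rp_id_hash == hashlib.sha256(RP_ID.encode()).digest())

def demo(now: int = 1_700_000_000) -> dict:
    challenge = b"constructed-challenge-0001"
    code = totp(TOTP_SECRET, now)  # valid no matter which page the user types it on
    return {
        "totp_copied_from_any_page": server_accepts_totp(code, now),
        "passkey_from_real_origin": server_accepts_assertion(
            *browser_assertion("example.com", challenge), challenge),
        "passkey_from_other_origin": server_accepts_assertion(
            *browser_assertion("example.net", challenge), challenge),
    }

if __name__ == "__main__":
    print(demo())
```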