
I use iCloud's Passkeys extensively and have never had saved Passkeys "wiped out". I am not disputing that data loss bugs can happen, but three times for one user sounds pretty weird given the maturity of the ecosystem.

The most obvious explanations seem to me to be:

a) Apple loses data (presumably not just Passkeys, but also photos, passwords, and other highly noticeable stuff) all the time, and I've been lucky for the last ten years. Hundreds of millions of Apple users just learn to live with this.

b) The author is doing something weird.

c) This is hyperbole.

I'm probably picking nits, but it's like an article raising a bunch of legitimate criticisms of the internal combustion engine mentioning that the author's car has, while sitting in the parking lot, simply exploded on three separate occasions. Like, maybe?



It's not hyperbole. I recently (a few weeks ago) got locked out of my GitHub account after iCloud Keychain thrashed my passkey, and after analyzing the root cause it turned out to be a bug in WebKit (that is now fixed in Safari Technology Preview after me raising it with the WebKit team).

https://bugs.webkit.org/show_bug.cgi?id=270553


> b) The author is doing something weird.

The author is the main dev of an identity management platform called kanidm, so yeah I'd wager their usage is fairly non-standard. That said, it should be almost impossible for it to happen anyway.

Also, that doesn't apply to his partner.


One thing that comes to mind is with the earlier WebAuthn implementations in iOS, before they were stored in iCloud and called passkeys, there was no management interface for stored passkeys and 'clear website data' (to delete cookies etc.) would actually erase all credentials permanently. It was useless this way.


Why useless? Not an authentication scheme to end all other authentication schemes, but certainly a (much) better successor to the login cookie?


I do not mean passkeys in general, but the early iOS implementation was useless since it deleted passkeys along with your cookies and other website data. The passkey iOS implementation is useful in its current form.


> I use iCloud's Passkeys extensively

So what happens if you want to migrate away from iCloud for the storage of passkeys?


You generally enroll a passkey for a single device or connected group of devices. My iCloud-syncing devices have a passkey. My Windows laptop has another. My desktop has yet another. I have also enrolled my YubiKey.

I could stop using my iDevices tomorrow and not be negatively influenced.


I can't speak for OP, but for every service that I use passkeys with I enrolled both iCloud Passkeys (for convenience) and several YubiKeys (for portability and backup).

This is not different at all from an SSH public/private key combo. You are not supposed to duplicate SSH keys!


Your answer is totally reasonable, but I admit I don't have time for that in most cases.

1. Most services are not Passkey-only--most people are using it as a password alternative (e.g. eBay) or a second-factor alternative. So losing it won't lock me out.

2. A very small number (e.g. Google) let you configure Passkey as your sole second factor. For those, I am indeed careful to do what you do and have duplicates.

I do think this is kind of bad? So the grandparent totally has a point here: services find it hard to do only Passkeys (and thus realize the security benefits).

But, as a user, it's not something I worry about a lot, to be honest.


I was about to type something similar to this as well! I use passkeys pretty heavily, with iCloud sync. Never had an issue. The only similar issue I can think of is sometimes my MacBook will lose the contents of the on-device wallet, including in one case an SSH key stored there. That was somewhat annoying!


It can't be hyperbole, their partner's car keeps exploding too! So often that they're switching back to a four horse carriage.


Agreed. I'm not so sure that some of the iCloud data loss bugs people talk about are actual data loss bugs. I've had a few issues over the years.

Firstly I spent weeks chasing down what I thought was a data loss bug in iCloud. After much effort I managed to reproduce it. Turned out it was an issue with TeXshop rather than iCloud.

Secondly, the one time I had a photo lost, it wasn't lost. I just couldn't find it in the 12000 photos I had. It wasn't where I'd left it.

The third one was a data loss bug, was reproducible, was reported to Apple and was fixed. This was due to how Numbers handles three devices and how it decides the winner of a conflicting change and was an edge case as number 1 awkward customer.

YMMV but user testimony may be as reliable as eyewitness reports.


To be clear, I don't work for Apple. :) And I'm not discounting that there are usage patterns that might lead to persistent bad experiences (like your example with Numbers).

But the implication that Keychain just kind of forgets saved Passkeys once in a while seems alarmist and probably unfounded.


Yeah exactly. It is possible that some expiry or provider specific bug may lead to revocation? I am not sure how it works entirely.

I will say that there are some very well known backup and restore issues with keychain however so I keep anything critical in MacPass as the primary copy.



