I knew that "passkey" had grown to refer to a set of different things. I can't say this upsets me, as it does sound like progress over the old status quo. Still, is confusing for those of us that bought in at the beginning.
In particular, they distinguish between "copyable" and "hardware-bound" passkeys. They're both passkeys, and can be used wherever passkeys are supported, but only the "hardware-bound" passkeys support attestation.
The terminology is definitely a mess, but I believe at least “passkey” has never referred to hardware authenticators. Those were usually called “security keys” or similar.
Agree. Passkey should be reserved for credentials that can be synced or exported to different providers, as this is what is most analogous to a password from a user perspective.
There should be a different standardized term used for hardware bound keys. So users wont get confused.
