I look forward to info stealers dumping Passkey apps and leakage via additional device enrollment, and not having clear mechanisms for rolling all your Passkeys.
Device attestation and signing transparency logs are quite necessary for users to have visibility of where/when Passkeys have logged in. Really they should also have key ratcheting so stolen keys become useless.
Device attestation and signing transparency logs are quite necessary for users to have visibility of where/when Passkeys have logged in. Really they should also have key ratcheting so stolen keys become useless.