
In 10 years' time everyone will be using passkeys, not passwords.


And then losing access to everything when moronic automated Google systems ban your account for $REASON with no chance to appeal it.

I recently ran into an interesting problem -- my Microsoft account (used as a spam lightning rod) borked a passkey stored on a FIDO token and refused a passwordless sign-in. Same thing happened with a second backup token made by a different company. If I didn't have a password fallback, and that account was important, I would have a massive problem with no way to solve it. But the world has not yet gone completely insane, so I fired up my trusty KeePassXC and was in in less than a minute.


Well, they'd have to ban your account and destroy your device with the passkey before you could change it. I don't think they have that power (yet).


Hahahaha good one.

I love the idea of passkeys; I hate the experience of passkeys, especially when it comes to having to reach for my phone to log into a desktop web site.


In 10 years' time we'll have as many “why you should never use passkeys” on HN as we have for JWT nowadays.


Please, for the love of god, no.



