why is every website trying to push me to set up a passkey to log in
@zandra because they’re substantially more secure than the alternatives (but they come with a bunch of caveats currently around not ending up with them spread across multiple passkey stores without noticing)
@zandra the key advantages are a) they can’t be passed to an attacker who’s on the phone with you even if you try and b) they’re immune to domain typos/convincing looking fake login pages because they will *only* trigger for the domain they were created for.