
She follows same reset flow as before. Passkeys are identical in this respect to the passwords of yore.




If granny forgets her password, she looks it up on the last page of her notebook where it is written down. Granny cannot write down her passkey.

To avoid getting locked out you could add 2-3 passkeys from different providers to each account. And/or use a passkey provider that allows backups, and back up your keys. But I doubt many people will have the discipline to do either of those.


Then that's worse, it's now two authentication flows to remember. It's only made the situation more complicated.

Honest question: isn't that introducing some weaknesses, allowing the attacker to either reactivate password auth or add its own passkey, eh, by tricking the user into accepting that change after receiving a mail with a link to accept that change? That would make the passkey unbreakable, but leave other, easier-to-exploit weaknesses.

No. You always need that flow.

The problem with passkeys is they’re very unfamiliar and it’s easier therefore for less experienced users to get confused or tricked.

Passkeys are more like 2FA, and many services disable password resets without 2FA if it's enabled.

Do you have any examples of such services? How do they handle the lost phone case? Tell people to go pound sand?


