Hacker News
Passwords have problems, but passkeys have more (world.hey.com)
49 points by duncans on Sept 9, 2024 | 4 comments


This rant is utterly factless and at an absolute novice level. It is correct that building a passkey-first system (without fallbacks) is not possible today, but that's like going all in on Google Social login and then ranting about why not all users can access the system.


Passkeys are never going to be possible without fallbacks, for the same reason that hardware keys aren't possible: people frequently lose their devices.

And if people let Google handle their passkeys, then it's equivalent to going all in on the Google Social login.

Passkeys have absolutely no advantage over using a password manager. If your browser can generate, store and autofill passwords, then we're talking about the same level of convenience.

I don't mind passkeys, but that's only because I use them with a cross-platform password manager that I can trust. And it will be a really long time before I recommend the use of passkeys to my family and friends.


> we built the early authentication system entirely around [Passkeys]. It was not a simple setup!

it is though

> Handling passkeys properly is surprisingly complicated on the backend,

it's not though

> but we got it done. Unfortunately, the user experience kinda sucked,

true

> so we ended up ripping it all out again.

fair enough, but don't couch that in misdirection about the spec and work involved.


The relying party not being able to assume the user can take one secret with them is a feature that comes with a cost. The lack of a reference correct relying party library in each language is a reason that cost is too high.



