Yes, but I’m thinking as the developer of a sensitive app, I don’t believe I can trust all my users (b2b) to have secure device passcodes. And devices go missing occasionally. But I get the idea that it’s still “something you have”

No, the phone passcode is the failback for any failed biometrics. So where ever I save my passkey, that’s protected by Face ID, but could be overridden with a 4 digit passcode.

I personally like using keys. However on my super private data heavy app, I wouldn’t use them. Because of the iOS fallback to a passcode. (Which could be just 4 characters!)

Is there a way to avoid this, do you know? #laravel #passkeys #cybersecurity @freek.bsky.social @valorin.bsky.social

Intriguing thought… it could be the perfect moment for the discovery though; something monumental that wows the world so much people realise they have a common understanding?