Elon Musk's X botched its security key switchover, locking users out

TL;DR: X has retired the old twitter.com domain, locking out passkey users who have missed their deadline to re-enroll their security key on the new x.com domain.

I guess that is one drawback to passkeys! Although it's not a huge dealbreaker given the insecurities of other MFA methods, this is still a huge concern for passkey users.

Imagine trying to log in to a website you last visited 10 years ago only to discover that they changed their domain name :confused:

7 Likes
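The mechanism behind the lockout, as an added illustration that is not part of this thread and not X's code: a WebAuthn credential is scoped to the relying-party ID (RP ID) it was registered under, and the site verifies that binding on every login by comparing the SHA-256 of its own RP ID against the rpIdHash inside the authenticator data. The example below constructs authenticator data for a credential registered under twitter.com and shows it failing under x.com; the scoping check is a simplified version of the spec's rule (it assumes no public suffix list), and all data is constructed here.

```python
import hashlib
import hmac
import struct

# Flag bits in WebAuthn authenticator data (WebAuthn Level 2, section 6.1).
FLAG_UP = 0x01  # user present: the authenticator was touched
FLAG_UV = 0x04  # user verified: PIN or biometric checked on the authenticator

def build_authenticator_data(rp_id: str, flags: int, sign_count: int) -> bytes:
    """Constructed authenticator data: rpIdHash (32) || flags (1) || signCount (4).
    The rpIdHash is fixed when the credential is created, which is what binds it
    to a single RP ID."""
    rp_id_hash = hashlib.sha256(rp_id.encode("utf-8")).digest()
    return rp_id_hash + bytes([flags]) + struct.pack(">I", sign_count)

def verify_rp_binding(auth_data: bytes, expected_rp_id: str, require_uv: bool = False) -> bool:
    """Relying-party side (a subset of WebAuthn assertion verification):
    rpIdHash must equal SHA-256 of the RP ID the server expects."""
    if len(auth_data) < 37:
        return False
    rp_id_hash, flags = auth_data[:32], auth_data[32]
    expected_hash = hashlib.sha256(expected_rp_id.encode("utf-8")).digest()
    if not hmac.compare_digest(rp_id_hash, expected_hash):
        return False  # registered under a different RP ID: the lockout in the thread
    if not flags & FLAG_UP:
        return False
    if require_uv and not flags & FLAG_UV:
        return False  # a PIN- or biometric-protected key sets UV; a bare touch does not
    return True

def rp_id_valid_for_host(rp_id: str, host: str) -> bool:
    """Simplified WebAuthn scoping rule: an RP ID may be the origin's host or a
    registrable-domain suffix of it. The public suffix list is not consulted
    (assumption), so a bare "com" would wrongly pass; it is enough to show that
    x.com cannot be chosen as an RP ID that covers credentials made for twitter.com."""
    return host == rp_id or host.endswith("." + rp_id)

def check_domain_migration(old_rp_id: str, new_rp_id: str) -> dict:
    """A credential registered under old_rp_id: does it verify under each domain?"""
    auth_data = build_authenticator_data(old_rp_id, FLAG_UP | FLAG_UV, sign_count=7)
    return {
        "verifies_on_old": verify_rp_binding(auth_data, old_rp_id, require_uv=True),
        "verifies_on_new": verify_rp_binding(auth_data, new_rp_id, require_uv=True),
        "new_rp_id_covers_old_host": rp_id_valid_for_host(new_rp_id, old_rp_id),
    }
```

Because the hash is fixed at registration, the only way through is the re-enrollment the thread describes; the check cannot be relaxed server-side without giving up the domain binding that makes passkeys phishing-resistant.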

Oh, I think I’m in that bucket of people. :hear_no_evil_monkey:
Not sure how much I do care about it tho. Twitter is quite dead to me for quite some time…

Can I play the devil’s advocate here?

I mean, it's reasonable to think and believe that if a user has not used a platform in more than a few years that they no longer care to/don't want to and hence don't even care for having an account with the website. Users also have a responsibility to look after their online accounts one way or the other and keep track of them.

1 Like

This is an example of why I'm dragging my feet on adopting passkeys despite understanding (at least the basics of) why they exist, and why companies are pushing their adoption.

1 Like

An entire website being moved and poorly executed with a self-locked mechanism is probably not that common tho. Most people do their job well and do care haha. :+1:t2:

1 Like

But even with passkeys enabled, you can still sign in with your standard username and password (plus your TOTP if you have it enabled), no? So is the reluctance still warranted?

Personally (for my own self) I think mild hesitation is warranted. I have pretty decent password hygiene, I use 2FA, and I have mild phishing-resistant habits built into my workflow. I also use hardware 2FA for things that rise to a certain level of importance. So I don't really feel any strong urgency to improve my approach to login security. I perceive the security gains as marginal for my situation.

Given that context, I just prefer personally not being an early adopter of passkeys, waiting for the ecosystem and industry to mature around them, and waiting until I'm more educated on the pros/cons. My hesitance, broadly, is mostly about preserving flexibility and control.

None of this is an argument against passkeys as a concept, I think they are most probably a big security upgrade for your average person on the internet, and have real improvements over the status quo. I’ll likely embrace them eventually, but for now, I’m adopting a wait and see approach.

But even with passkeys enabled, you can still sign in with your standard username and password (plus your TOTP if you have it enabled), no?

So long as it’s in addition to (and not in place of) password auth, I’d have a lot less concern.

However, the other (larger) concern I have (which may just be due to my own ignorance) is my uncertainty about how difficult it might be to import/export passkeys (e.g. when switching password managers). I appreciate that password auth is not dependent on any specific device or account, and the flexibility and peace of mind that gives me. I want to make sure I understand the potential ways in which I'm constraining my future flexibility and choices before I make a change. Sometimes it's easier to wait and see than it is to change course later.

An entire website being moved and poorly executed with a self-locked mechanism is probably not that common tho

Agreed. Edge cases like this on their own aren't a significant enough factor to warrant avoiding passkeys. But it does illustrate a potential (and now real world) issue and risk to be aware of.

4 Likes

You have a balanced way of thinking. I like that. I'm not always this measured.

1 Like

I am a big sucker for hardware passkeys tbh, super simple, quick to use, asks for nothing personal. A bit of work to set it up on several initially but it’s also nice to have backups in case you lose/get one stolen. :hugs:

I really wish everybody would allow for WebAuthn to be deployed everywhere and more widespread amongst less tech-savvy people because it has so many benefits really. :pleading_face:
But it’s definitely a complex topic when you start. I myself wouldn’t say that I fully mastered all of it yet…

So long as it’s in addition to (and not in place of) password auth, I’d have a lot less concern.

And yes, usually you don't have passkey-only, it's additive. :slight_smile:

2 Likes

Agreed. There is a trend of Big Tech companies trying to normalize Passkeys as the only source of authentication.

From this, we may see complaints of folks getting hacked because of a stolen/lost phone or YubiKey. At least with 2FA, an attacker would need both the password and the passkey for a compromise to happen.

Realistically, this scenario would happen to someone who already has access to your passkey, such as a family member or romantic partner. Assuming that passkeys will become a more relevant authentication method, I foresee a lot of problems for people in abusive relationships.

2 Likes

I don’t expect the musk fanboys to ever unban me but that helps lol

You can add a PIN (more of a passphrase) to a YubiKey, which helps in case of a close person stealing your key and just accessing your accounts! :wink:
Some of them also use biometrics. Hence it would be:

  • finding you physically
  • stealing your key
  • having your finger

Quite a lot of conditions. :hugs:

1 Like

True! I completely forgot about YubiKeys having PINs. That is so much better than phones that are being shared between people.

1 Like

Twitter in and of itself is a security/privacy violation. Is there a reason we're talking about that here? That's not rhetorical and I'm not trying to rake you over the coals. I'm genuinely curious.

Some people/stuff are only on Twitter and you'll be missing out if you don't go there.
Doesn't make it a nice platform in itself, but it has its uses.
Just like some creators are doing content for TikTok and Instagram, educating and having a bigger reach is sometimes more important than using a privacy-respectful platform.

Also, it's mostly news about Twitter here, just like we could have any regarding OpenAI, Microsoft etc etc… :slight_smile:

2 Likes