I see. The line in passkey link causes confusion for me:
“using a passkey from the local Android device”
So the local Android device here is the current device creating the passkey, not another Android device hosting the passkey connected locally (Bluetooth…)
When I see statements like “this is more secure, safer, etc.,” I start laughing because it is easy to crack anything man-made, no matter if it is software or hardware. Passkey has yet to have a proper shakedown, nor does it have the history to justify the silly statement that it is more secure. Time will tell. I stick with what is good and true practice: passwords. And the various vendors competing for their products is another mess I’m not willing to play.
Wi-Fi security has gone through 3 different updates, simply because each method implemented was hacked and cracked over time. Have you forgotten so quickly? So the statement holds true; I am making a broad statement, not an absolute. Why do you think various vendors bring out updates? To give their products new tools, partly, but part of the update is to fix bugs to stop hackers. Don’t be so quick; what is strong encryption today is weak encryption tomorrow. Wise up.
Contrary to the beliefs of the former Australian Prime Minister, the laws of mathematics do in fact apply everywhere, even Australia. Implementations can be and sometimes are flawed but math is math and encryption, when implemented correctly, is theoretically unbreakable, contrary to any other form of lock.
Passkeys are based on the FIDO standard, which security keys have been using for years, so your statement isn’t accurate.
Your example about WiFi kind of works against your claim. Just as we knew with older WiFi standards that there were significant issues with them, we have known for a long time that there are significant issues with passwords, and so, passkeys were invented to address these issues.
Technology stands for no man. When it becomes more complex, it is more vulnerable to hackers; hackers have time, vendors don’t. Remember, most people are not interested in updating or going out to buy the latest, greatest products.
Well, if we’re talking about complex, look at how many different technologies you need to make passwords secure. First, the user needs to come up with a secure password, which humans are terrible at, so we install a password manager to do it for us. Then, the password needs to be transmitted to the server, so we need encryption in between you and the server. Then, the service needs to securely store the password hashed and salted properly. You also need to worry about phishing, so we need some kind of 2FA, a lot of the time SMS or TOTP, which can still be phished. You’ll also notice that typically services will force you to give an email or phone number to use as a form of 2FA, which isn’t great for privacy. Then you have to worry about the possibility that someone sees you type your password in or a camera records it, so again you need to rely on the 2FA. All of this gets taken out of the picture with passkeys, if implemented properly.
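The comparison in the last post, as an added example that is not part of the thread or any participant's code: a simplified Node.js model of a FIDO2/WebAuthn sign-in, showing that the server stores only a public key and that an assertion made on a look-alike origin, one with a rewritten origin, or a replayed one is rejected. The names `example.com`, `examp1e.com` and all function names are assumptions, and real authenticator data also carries flags and a signature counter.

```javascript
// Added illustration: simplified model of a FIDO2/WebAuthn assertion (not a full implementation).
const crypto = require("crypto");

const RP_ID = "example.com";              // assumed relying party ID
const RP_ORIGIN = "https://example.com";  // assumed legitimate origin
const sha256 = (d) => crypto.createHash("sha256").update(d).digest();

// Registration: the authenticator keeps the private key; the server stores only the public key.
function register() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  return { authenticator: { privateKey, rpId: RP_ID }, serverRecord: { publicKey } };
}

// Sign-in, client side: the browser (not the page) records the origin it is actually on.
function getAssertion(authenticator, challenge, browserOrigin) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get", challenge: challenge.toString("base64url"), origin: browserOrigin }));
  const authData = sha256(authenticator.rpId); // real authenticatorData adds flags and a counter
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: crypto.sign("sha256", signed, authenticator.privateKey) };
}

// Sign-in, server side: check challenge, origin and RP ID, then the signature over all of them.
function verifyAssertion(serverRecord, expectedChallenge, a) {
  const cd = JSON.parse(a.clientDataJSON.toString());
  if (cd.type !== "webauthn.get") return "bad type";
  if (cd.challenge !== expectedChallenge.toString("base64url")) return "challenge mismatch";
  if (cd.origin !== RP_ORIGIN) return "origin mismatch";
  if (!a.authData.equals(sha256(RP_ID))) return "rpId mismatch";
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return crypto.verify("sha256", signed, serverRecord.publicKey, a.signature) ? "ok" : "bad signature";
}

function demo() {
  const { authenticator, serverRecord } = register();
  const c1 = crypto.randomBytes(32), c2 = crypto.randomBytes(32);
  const good = getAssertion(authenticator, c1, RP_ORIGIN);
  const phished = getAssertion(authenticator, c1, "https://examp1e.com"); // constructed look-alike
  // Rewriting the origin after signing changes the hash that the signature covers.
  const forged = { ...phished, clientDataJSON: Buffer.from(
    phished.clientDataJSON.toString().replace("examp1e.com", "example.com")) };
  return {
    legitimate: verifyAssertion(serverRecord, c1, good),
    relayedFromLookalike: verifyAssertion(serverRecord, c1, phished),
    originRewritten: verifyAssertion(serverRecord, c1, forged),
    replayed: verifyAssertion(serverRecord, c2, good),
  };
}
console.log(demo());
```

In a real browser the request on the look-alike origin would already fail, because the credential is scoped to its RP ID; the server-side origin check modeled here is a second check on top of that.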