whats the benefit of passkeys if not enforced at all?!
PayPal has been shoving in my face for months to create a passkey. I use 1password so I gave in today and set one up.
Logging in now defaults to asking for passkey which the 1password extension happily provides. Okay.
Out of curiousity, I tried to login from a browser that does not have 1password extension. PayPal didn't even bother to ask for a passkey and straight away showed the normal email+pw login mask.
- If I can't remove the normal password fallback, how are passkeys more secure?!
- Is there really no other way to provide a passkey other than through the browser extension? Sounds flawed, but.. maybe I'm just not getting something here.