Scoring visualizer · fixture preview

Are passkeys ready to become the default way users access digital products?

are-passkeys-ready-to-become-the-default-way-users-access-digital-products-2026-05-18 · state: ready · 11 steps

Scoring run

After comment bcwZGs (step 9)

1 run

Team A

15.000

Net score

+43.921

Comment bcwZGs · Δ -3.825 · total +43.921

Team B

8.000

Criterion sc1

Increasing practical day-to-day sign-in usability for typical users when products make passkeys the default.

Team A
L: 5.000
Null: When products make passkeys the default, this would have no relevant impact on practical day-to-day sign-in usability for typical users.
d: 0.00

No linked atoms.

When products make passkeys the default, this would increase practical day-to-day sign-in usability mildly because many users can approve access with familiar device biometrics, even though some flows remain somewhat cumbersome.
d: 1.00Σ +0.530
AtomWeight
Passkeys are unlocked using device biometric methods such as Face ID or fingerprint scanning, often letting users sign in without remembering a password, especially on synced devices in the same ecosystem, similar to Apple Pay and phone unlocking.0.338ω=0.88
Chrome integrates passkey support with its password manager, enabling passkeys to be synchronized across a user's devices.0.267ω=0.96
Apple's ecosystem can sync passkeys across a user's devices in many cases.0.251ω=0.96
A memorized password can be entered on any phone or laptop with a keyboard, allowing access even if the user's primary device is lost or stolen.-0.233
When a website does not support passkeys, browsers can display a message such as "no passkey for this website".-0.218ω=0.70
Passkeys are stored on a device, hardware key, or synced vault such as an operating system, browser, or third-party manager rather than in a user's memory; many users do not know where their passkey resides or lack backup access, so losing that device or vault without backup can lock them out of accounts that rely on that passkey.-0.204ω=0.75
The WebAuthn protocol has undergone multiple iterations and is considered production-ready.0.187ω=0.91
Password-manager applications can generate and store random long passwords and synchronize them across devices, but often require users to copy-paste credentials and can suffer from field-recognition failures and mismatched or differing URLs.0.114ω=0.55
Passkeys are being adopted by all companies.0.028ω=0.10
When products make passkeys the default, this would increase practical day-to-day sign-in usability moderately because routine authentication is often simpler than typing, storing, or pasting passwords and avoids many password-manager field and URL problems.
d: 3.00Σ +0.912
AtomWeight
Passkeys are unlocked using device biometric methods such as Face ID or fingerprint scanning, often letting users sign in without remembering a password, especially on synced devices in the same ecosystem, similar to Apple Pay and phone unlocking.0.541ω=0.88
Chrome integrates passkey support with its password manager, enabling passkeys to be synchronized across a user's devices.0.464ω=0.96
Apple's ecosystem can sync passkeys across a user's devices in many cases.0.448ω=0.96
When a website does not support passkeys, browsers can display a message such as "no passkey for this website".-0.369ω=0.70
A memorized password can be entered on any phone or laptop with a keyboard, allowing access even if the user's primary device is lost or stolen.-0.350
The WebAuthn protocol has undergone multiple iterations and is considered production-ready.0.334ω=0.91
Passkeys are stored on a device, hardware key, or synced vault such as an operating system, browser, or third-party manager rather than in a user's memory; many users do not know where their passkey resides or lack backup access, so losing that device or vault without backup can lock them out of accounts that rely on that passkey.-0.308ω=0.75
Password-manager applications can generate and store random long passwords and synchronize them across devices, but often require users to copy-paste credentials and can suffer from field-recognition failures and mismatched or differing URLs.0.198ω=0.55
Passkeys can replace separate two-factor authentication by incorporating the second factor into the credential, making 2FA obsolete.0.152ω=0.70
Support for passkeys varies across browsers, PWAs, devices, websites, and platforms, producing inconsistent experiences and making migration between ecosystems or passkey managers sometimes clumsy or impossible, especially in mixed-device setups.-0.145ω=0.70
Many sites that offer passkeys still retain a password or SMS code as a backup authentication or recovery method.-0.096ω=0.40
Passkeys are being adopted by all companies.0.044ω=0.10
When products make passkeys the default, this would increase practical day-to-day sign-in usability strongly because most routine sign-ins become almost the same interaction as phone unlocking or Apple Pay and remove most password-entry friction.
d: 5.00Σ +1.690
AtomWeight
Passkeys are unlocked using device biometric methods such as Face ID or fingerprint scanning, often letting users sign in without remembering a password, especially on synced devices in the same ecosystem, similar to Apple Pay and phone unlocking.0.788ω=0.88
Chrome integrates passkey support with its password manager, enabling passkeys to be synchronized across a user's devices.0.677ω=0.96
Apple's ecosystem can sync passkeys across a user's devices in many cases.0.661ω=0.96
When a website does not support passkeys, browsers can display a message such as "no passkey for this website".-0.541ω=0.70
The WebAuthn protocol has undergone multiple iterations and is considered production-ready.0.511ω=0.91
A memorized password can be entered on any phone or laptop with a keyboard, allowing access even if the user's primary device is lost or stolen.-0.500
Passkeys are stored on a device, hardware key, or synced vault such as an operating system, browser, or third-party manager rather than in a user's memory; many users do not know where their passkey resides or lack backup access, so losing that device or vault without backup can lock them out of accounts that rely on that passkey.-0.454ω=0.75
Password-manager applications can generate and store random long passwords and synchronize them across devices, but often require users to copy-paste credentials and can suffer from field-recognition failures and mismatched or differing URLs.0.277ω=0.55
Passkeys can replace separate two-factor authentication by incorporating the second factor into the credential, making 2FA obsolete.0.241ω=0.70
Support for passkeys varies across browsers, PWAs, devices, websites, and platforms, producing inconsistent experiences and making migration between ecosystems or passkey managers sometimes clumsy or impossible, especially in mixed-device setups.-0.231ω=0.70
Native apps distributed via app stores can implement passkey authentication with full control, bypassing browser integration constraints.0.175ω=0.85
Many reputable websites typically offer either a passkey login flow or a password-plus-two-factor-authentication login flow; in the latter case, intercepting the password alone is insufficient without the second-factor device.0.171ω=0.70
Passwords are the de facto standard authentication method today, and user-chosen memorized passwords are frequently weak, short, or reused across multiple sites, making password-based access more vulnerable to compromise than passkeys.0.159ω=0.70
Authenticator apps for two-factor authentication are familiar to many users, but they can create access problems if the device storing the secret is lost before the secret is synchronized elsewhere.-0.154ω=0.70
Many sites that offer passkeys still retain a password or SMS code as a backup authentication or recovery method.-0.153ω=0.40
Passkeys are being adopted by all companies.0.062ω=0.10

Criterion sc3

Increasing the extent to which default passkeys remove separate two-factor-authentication steps from routine access.

Team A
L: 5.000
Null: When products make passkeys the default, this would have no relevant impact on the extent to which routine access avoids separate two-factor-authentication steps.
d: 0.00

No linked atoms.

When products make passkeys the default, this would increase the extent to which routine access avoids separate two-factor-authentication steps mildly because some routine sign-ins can be completed without an extra second-factor prompt.
d: 1.00Σ +0.286
AtomWeight
Passkeys can replace separate two-factor authentication by incorporating the second factor into the credential, making 2FA obsolete.0.257ω=0.70
Passkeys are being adopted by all companies.0.029ω=0.10
When products make passkeys the default, this would increase the extent to which routine access avoids separate two-factor-authentication steps moderately because many users can authenticate in one step instead of managing both a primary credential and a separate second factor.
d: 3.00Σ +1.336
AtomWeight
Passkeys can replace separate two-factor authentication by incorporating the second factor into the credential, making 2FA obsolete.0.436ω=0.70
Passkeys are unlocked using device biometric methods such as Face ID or fingerprint scanning, often letting users sign in without remembering a password, especially on synced devices in the same ecosystem, similar to Apple Pay and phone unlocking.0.244ω=0.88
Chrome integrates passkey support with its password manager, enabling passkeys to be synchronized across a user's devices.0.235ω=0.96
Apple's ecosystem can sync passkeys across a user's devices in many cases.0.235ω=0.96
Authenticator apps for two-factor authentication are familiar to many users, but they can create access problems if the device storing the secret is lost before the secret is synchronized elsewhere.0.226ω=0.70
Many sites that offer passkeys still retain a password or SMS code as a backup authentication or recovery method.-0.089ω=0.40
Passkeys are being adopted by all companies.0.049ω=0.10
When products make passkeys the default, this would increase the extent to which routine access avoids separate two-factor-authentication steps strongly because most routine access no longer depends on a separate 2FA code or device.
d: 5.00Σ +1.746
AtomWeight
Passkeys can replace separate two-factor authentication by incorporating the second factor into the credential, making 2FA obsolete.0.630ω=0.70
Chrome integrates passkey support with its password manager, enabling passkeys to be synchronized across a user's devices.0.352ω=0.96
Apple's ecosystem can sync passkeys across a user's devices in many cases.0.352ω=0.96
Passkeys are unlocked using device biometric methods such as Face ID or fingerprint scanning, often letting users sign in without remembering a password, especially on synced devices in the same ecosystem, similar to Apple Pay and phone unlocking.0.344ω=0.88
Authenticator apps for two-factor authentication are familiar to many users, but they can create access problems if the device storing the secret is lost before the secret is synchronized elsewhere.0.318ω=0.70
European banking regulations such as PSD2 require multi-factor authentication for online banking, making password-only logins non-compliant in that context.-0.211
The WebAuthn protocol has undergone multiple iterations and is considered production-ready.0.207ω=0.91
Many reputable websites typically offer either a passkey login flow or a password-plus-two-factor-authentication login flow; in the latter case, intercepting the password alone is insufficient without the second-factor device.-0.183ω=0.70
Many sites that offer passkeys still retain a password or SMS code as a backup authentication or recovery method.-0.136ω=0.40
Passkeys are being adopted by all companies.0.072ω=0.10

Criterion sc4

Increasing resistance to account compromise relative to password- and magic-link-based access when products make passkeys the default.

Team A
L: 5.000
Null: When products make passkeys the default, this would have no relevant impact on resistance to account compromise relative to password- and magic-link-based access for reasons other than many products still keeping fallback or recovery routes that attackers can phish or abuse with roughly the same practical success as the pre-passkey login path, or the relevant non-passkey baseline already relying on password-manager-generated unique passwords combined with separate multi-factor or hardware-key protection.
d: 0.00

No linked atoms.

When products make passkeys the default, this would increase resistance to account compromise relative to password- and magic-link-based access mildly because fewer users rely on easily attacked passwords or emailed sign-in links.
d: 1.00Σ +1.372
AtomWeight
Passkeys are marketed as ending phishing.0.277
Passkeys are scoped to specific domains, providing phishing resistance so a lookalike site cannot obtain a reusable credential even if a user proceeds with the login flow.0.232ω=0.70
Passwords are the de facto standard authentication method today, and user-chosen memorized passwords are frequently weak, short, or reused across multiple sites, making password-based access more vulnerable to compromise than passkeys.0.206ω=0.70
The WebAuthn protocol has undergone multiple iterations and is considered production-ready.0.203ω=0.91
Passkeys can replace separate two-factor authentication by incorporating the second factor into the credential, making 2FA obsolete.0.183ω=0.70
Hardware security keys such as YubiKey provide stronger authentication security than software-based second factors like Google Authenticator or SMS codes.0.175ω=0.70
Magic-link authentication methods have known security risks, including susceptibility to phishing and link interception.0.164ω=0.55
Many sites that offer passkeys still retain a password or SMS code as a backup authentication or recovery method.-0.098ω=0.40
Passkeys are being adopted by all companies.0.030ω=0.10
When products make passkeys the default, this would increase resistance to account compromise relative to password- and magic-link-based access moderately because passkeys replace many typed-password logins, cannot be used on lookalike domains, and their absence on a phishing site can make fallback use more noticeable; where the fallback is password plus a separate second factor, capturing the password alone is not enough.
d: 3.00Σ +3.364
AtomWeight
Passkeys are marketed as ending phishing.0.440
Passkeys are scoped to specific domains, providing phishing resistance so a lookalike site cannot obtain a reusable credential even if a user proceeds with the login flow.0.437ω=0.70
The WebAuthn protocol has undergone multiple iterations and is considered production-ready.0.382ω=0.91
Passwords are the de facto standard authentication method today, and user-chosen memorized passwords are frequently weak, short, or reused across multiple sites, making password-based access more vulnerable to compromise than passkeys.0.372ω=0.70
Passkeys can replace separate two-factor authentication by incorporating the second factor into the credential, making 2FA obsolete.0.371ω=0.70
Chrome integrates passkey support with its password manager, enabling passkeys to be synchronized across a user's devices.0.319ω=0.96
Apple's ecosystem can sync passkeys across a user's devices in many cases.0.319ω=0.96
Magic-link authentication methods have known security risks, including susceptibility to phishing and link interception.0.300ω=0.55
Hardware security keys such as YubiKey provide stronger authentication security than software-based second factors like Google Authenticator or SMS codes.0.298ω=0.70
European banking regulations such as PSD2 require multi-factor authentication for online banking, making password-only logins non-compliant in that context.0.246
Many sites that offer passkeys still retain a password or SMS code as a backup authentication or recovery method.-0.172ω=0.40
Passkeys are being adopted by all companies.0.052ω=0.10
When products make passkeys the default, this would increase resistance to account compromise relative to password- and magic-link-based access strongly because ordinary sign-in flows would mostly stop depending on passwords and magic links, closing major attack paths tied to those methods.
d: 5.00Σ +4.823
AtomWeight
Passkeys are scoped to specific domains, providing phishing resistance so a lookalike site cannot obtain a reusable credential even if a user proceeds with the login flow.0.589ω=0.70
Passkeys are marketed as ending phishing.0.587
The WebAuthn protocol has undergone multiple iterations and is considered production-ready.0.549ω=0.91
Passwords are the de facto standard authentication method today, and user-chosen memorized passwords are frequently weak, short, or reused across multiple sites, making password-based access more vulnerable to compromise than passkeys.0.515ω=0.70
Passkeys can replace separate two-factor authentication by incorporating the second factor into the credential, making 2FA obsolete.0.513ω=0.70
Chrome integrates passkey support with its password manager, enabling passkeys to be synchronized across a user's devices.0.480ω=0.96
Apple's ecosystem can sync passkeys across a user's devices in many cases.0.480ω=0.96
Magic-link authentication methods have known security risks, including susceptibility to phishing and link interception.0.424ω=0.55
Hardware security keys such as YubiKey provide stronger authentication security than software-based second factors like Google Authenticator or SMS codes.0.397ω=0.70
European banking regulations such as PSD2 require multi-factor authentication for online banking, making password-only logins non-compliant in that context.0.317
Passkeys are unlocked using device biometric methods such as Face ID or fingerprint scanning, often letting users sign in without remembering a password, especially on synced devices in the same ecosystem, similar to Apple Pay and phone unlocking.0.296ω=0.88
Many sites that offer passkeys still retain a password or SMS code as a backup authentication or recovery method.-0.250ω=0.40
When a website does not support passkeys, browsers can display a message such as "no passkey for this website".-0.148ω=0.70
Passkeys are being adopted by all companies.0.074ω=0.10
When products make passkeys the default, this would have no relevant impact on resistance to account compromise relative to password- and magic-link-based access because many products still keep fallback or recovery routes that attackers can phish or abuse end-to-end with roughly the same practical success as the pre-passkey login path, so the passkey is bypassed rather than meaningfully raising the barrier.
d: 0.00Σ -0.486
AtomWeight
A memorized password can be entered on any phone or laptop with a keyboard, allowing access even if the user's primary device is lost or stolen.0.451
Passkeys are scoped to specific domains, providing phishing resistance so a lookalike site cannot obtain a reusable credential even if a user proceeds with the login flow.-0.326ω=0.70
Passkeys can replace separate two-factor authentication by incorporating the second factor into the credential, making 2FA obsolete.-0.318ω=0.70
Many sites that offer passkeys still retain a password or SMS code as a backup authentication or recovery method.0.309ω=0.40
Chrome integrates passkey support with its password manager, enabling passkeys to be synchronized across a user's devices.-0.267ω=0.96
Apple's ecosystem can sync passkeys across a user's devices in many cases.-0.267ω=0.96
Passkeys are marketed as ending phishing.-0.257
The WebAuthn protocol has undergone multiple iterations and is considered production-ready.-0.249ω=0.91
Passkeys are stored on a device, hardware key, or synced vault such as an operating system, browser, or third-party manager rather than in a user's memory; many users do not know where their passkey resides or lack backup access, so losing that device or vault without backup can lock them out of accounts that rely on that passkey.0.161ω=0.75
Support for passkeys varies across browsers, PWAs, devices, websites, and platforms, producing inconsistent experiences and making migration between ecosystems or passkey managers sometimes clumsy or impossible, especially in mixed-device setups.0.157ω=0.70
Password-manager applications can generate and store random long passwords and synchronize them across devices, but often require users to copy-paste credentials and can suffer from field-recognition failures and mismatched or differing URLs.0.121ω=0.55
When products make passkeys the default, this would have no relevant impact on resistance to account compromise relative to password- and magic-link-based access because, even without a weaker fallback route remaining, the relevant non-passkey baseline already relies on password-manager-generated unique passwords combined with separate multi-factor or hardware-key protection.
d: 0.00Σ +0.231
AtomWeight
European banking regulations such as PSD2 require multi-factor authentication for online banking, making password-only logins non-compliant in that context.0.482
Passwords are the de facto standard authentication method today, and user-chosen memorized passwords are frequently weak, short, or reused across multiple sites, making password-based access more vulnerable to compromise than passkeys.-0.319ω=0.70
Hardware security keys such as YubiKey provide stronger authentication security than software-based second factors like Google Authenticator or SMS codes.0.286ω=0.70
Password-manager applications can generate and store random long passwords and synchronize them across devices, but often require users to copy-paste credentials and can suffer from field-recognition failures and mismatched or differing URLs.0.236ω=0.55
Passkeys can replace separate two-factor authentication by incorporating the second factor into the credential, making 2FA obsolete.-0.231ω=0.70
Passkeys are scoped to specific domains, providing phishing resistance so a lookalike site cannot obtain a reusable credential even if a user proceeds with the login flow.-0.223ω=0.70

Criterion sc2

Increasing browser-, PWA-, and device-specific integration problems when products make passkeys the default.

Team B
L: 3.000
Null: When products make passkeys the default, this would have no relevant impact on browser-, PWA-, and device-specific integration problems for reasons other than the product being able to ship a native app that controls the authentication flow or mature WebAuthn support and integrated passkey management in ecosystems such as Chrome and Apple already covering many common browser and cross-device use cases.
d: 0.00

No linked atoms.

When products make passkeys the default, this would increase browser-, PWA-, and device-specific integration problems mildly because support varies across some device and browser combinations.
d: 1.00Σ -0.652
AtomWeight
Chrome integrates passkey support with its password manager, enabling passkeys to be synchronized across a user's devices.-0.315ω=0.96
Apple's ecosystem can sync passkeys across a user's devices in many cases.-0.315ω=0.96
The WebAuthn protocol has undergone multiple iterations and is considered production-ready.-0.253ω=0.91
Support for passkeys varies across browsers, PWAs, devices, websites, and platforms, producing inconsistent experiences and making migration between ecosystems or passkey managers sometimes clumsy or impossible, especially in mixed-device setups.0.231ω=0.70
When a website does not support passkeys, browsers can display a message such as "no passkey for this website".0.229ω=0.70
Native apps distributed via app stores can implement passkey authentication with full control, bypassing browser integration constraints.-0.194ω=0.85
Passkeys are being adopted by all companies.-0.037ω=0.10
When products make passkeys the default, this would increase browser-, PWA-, and device-specific integration problems moderately because web and PWA implementations differ enough across platforms that many products would need special handling or alternate flows.
d: 3.00Σ -1.360
AtomWeight
Chrome integrates passkey support with its password manager, enabling passkeys to be synchronized across a user's devices.-0.549ω=0.96
Apple's ecosystem can sync passkeys across a user's devices in many cases.-0.549ω=0.96
The WebAuthn protocol has undergone multiple iterations and is considered production-ready.-0.465ω=0.91
When a website does not support passkeys, browsers can display a message such as "no passkey for this website".0.393ω=0.70
Support for passkeys varies across browsers, PWAs, devices, websites, and platforms, producing inconsistent experiences and making migration between ecosystems or passkey managers sometimes clumsy or impossible, especially in mixed-device setups.0.383ω=0.70
Native apps distributed via app stores can implement passkey authentication with full control, bypassing browser integration constraints.-0.345ω=0.85
Many reputable websites typically offer either a passkey login flow or a password-plus-two-factor-authentication login flow; in the latter case, intercepting the password alone is insufficient without the second-factor device.-0.167ω=0.70
Passkeys are being adopted by all companies.-0.060ω=0.10
When products make passkeys the default, this would increase browser-, PWA-, and device-specific integration problems strongly because inconsistent browser and platform support would make default passkey access unreliable across a large share of real-world product setups.
d: 5.00Σ -2.004
AtomWeight
Chrome integrates passkey support with its password manager, enabling passkeys to be synchronized across a user's devices.-0.795ω=0.96
Apple's ecosystem can sync passkeys across a user's devices in many cases.-0.795ω=0.96
The WebAuthn protocol has undergone multiple iterations and is considered production-ready.-0.713ω=0.91
When a website does not support passkeys, browsers can display a message such as "no passkey for this website".0.568ω=0.70
Support for passkeys varies across browsers, PWAs, devices, websites, and platforms, producing inconsistent experiences and making migration between ecosystems or passkey managers sometimes clumsy or impossible, especially in mixed-device setups.0.559ω=0.70
Native apps distributed via app stores can implement passkey authentication with full control, bypassing browser integration constraints.-0.515ω=0.85
Many reputable websites typically offer either a passkey login flow or a password-plus-two-factor-authentication login flow; in the latter case, intercepting the password alone is insufficient without the second-factor device.-0.226ω=0.70
Passkeys are being adopted by all companies.-0.088ω=0.10
When products make passkeys the default, this would have no relevant impact on browser-, PWA-, and device-specific integration problems because the product can ship a native app that controls the authentication flow and avoids many browser constraints.
d: 0.00Σ +0.365
AtomWeight
Native apps distributed via app stores can implement passkey authentication with full control, bypassing browser integration constraints.0.604ω=0.85
Support for passkeys varies across browsers, PWAs, devices, websites, and platforms, producing inconsistent experiences and making migration between ecosystems or passkey managers sometimes clumsy or impossible, especially in mixed-device setups.-0.239ω=0.70
When products make passkeys the default, this would have no relevant impact on browser-, PWA-, and device-specific integration problems because even without relying on a native app, mature WebAuthn support and integrated passkey management in ecosystems such as Chrome and Apple already cover many common browser and cross-device use cases.
d: 0.00Σ +1.091
AtomWeight
Chrome integrates passkey support with its password manager, enabling passkeys to be synchronized across a user's devices.0.509ω=0.96
Apple's ecosystem can sync passkeys across a user's devices in many cases.0.509ω=0.96
The WebAuthn protocol has undergone multiple iterations and is considered production-ready.0.484ω=0.91
Support for passkeys varies across browsers, PWAs, devices, websites, and platforms, producing inconsistent experiences and making migration between ecosystems or passkey managers sometimes clumsy or impossible, especially in mixed-device setups.-0.286ω=0.70
When a website does not support passkeys, browsers can display a message such as "no passkey for this website".-0.148ω=0.70
Passkeys are being adopted by all companies.0.023ω=0.10

Criterion sc5

Increasing failures of access continuity for ordinary users when products make passkeys the default. Here, access continuity means keeping or regaining account access after device loss, device replacement, or ecosystem changes.

Team B
L: 5.000
Null: When products make passkeys the default, this would have no relevant impact on failures of access continuity for ordinary users after device loss, device replacement, or ecosystem changes.
d: 0.00

No linked atoms.

When products make passkeys the default, this would increase failures of access continuity mildly because synced vaults and fallback recovery cover most users, but some mixed-ecosystem or single-device users still hit confusing portability gaps.
d: 1.00Σ +0.141
AtomWeight
Passkeys are stored on a device, hardware key, or synced vault such as an operating system, browser, or third-party manager rather than in a user's memory; many users do not know where their passkey resides or lack backup access, so losing that device or vault without backup can lock them out of accounts that rely on that passkey.0.412ω=0.75
Chrome integrates passkey support with its password manager, enabling passkeys to be synchronized across a user's devices.-0.299ω=0.96
Apple's ecosystem can sync passkeys across a user's devices in many cases.-0.299ω=0.96
Support for passkeys varies across browsers, PWAs, devices, websites, and platforms, producing inconsistent experiences and making migration between ecosystems or passkey managers sometimes clumsy or impossible, especially in mixed-device setups.0.264ω=0.70
Authenticator apps for two-factor authentication are familiar to many users, but they can create access problems if the device storing the secret is lost before the secret is synchronized elsewhere.0.159ω=0.70
Many sites that offer passkeys still retain a password or SMS code as a backup authentication or recovery method.-0.098ω=0.40
When products make passkeys the default, this would increase failures of access continuity moderately because a substantial share of users depend on one device or one vendor ecosystem and need cumbersome recovery or alternate access flows when that setup is lost or changed.
d: 3.00Σ +0.458
AtomWeight
Passkeys are stored on a device, hardware key, or synced vault such as an operating system, browser, or third-party manager rather than in a user's memory; many users do not know where their passkey resides or lack backup access, so losing that device or vault without backup can lock them out of accounts that rely on that passkey.0.625ω=0.75
Chrome integrates passkey support with its password manager, enabling passkeys to be synchronized across a user's devices.-0.464ω=0.96
Apple's ecosystem can sync passkeys across a user's devices in many cases.-0.464ω=0.96
Support for passkeys varies across browsers, PWAs, devices, websites, and platforms, producing inconsistent experiences and making migration between ecosystems or passkey managers sometimes clumsy or impossible, especially in mixed-device setups.0.439ω=0.70
Authenticator apps for two-factor authentication are familiar to many users, but they can create access problems if the device storing the secret is lost before the secret is synchronized elsewhere.0.299ω=0.70
When a website does not support passkeys, browsers can display a message such as "no passkey for this website".0.187ω=0.70
Many sites that offer passkeys still retain a password or SMS code as a backup authentication or recovery method.-0.164ω=0.40
When products make passkeys the default, this would increase failures of access continuity strongly because many ordinary users do not know where their passkey is stored and lack backup devices or accessible synced vaults, so a lost phone or cross-ecosystem move can directly break account access.
d: 5.00Σ +0.079
AtomWeight
Passkeys are stored on a device, hardware key, or synced vault such as an operating system, browser, or third-party manager rather than in a user's memory; many users do not know where their passkey resides or lack backup access, so losing that device or vault without backup can lock them out of accounts that rely on that passkey.0.946ω=0.75
Chrome integrates passkey support with its password manager, enabling passkeys to be synchronized across a user's devices.-0.688ω=0.96
Apple's ecosystem can sync passkeys across a user's devices in many cases.-0.688ω=0.96
Support for passkeys varies across browsers, PWAs, devices, websites, and platforms, producing inconsistent experiences and making migration between ecosystems or passkey managers sometimes clumsy or impossible, especially in mixed-device setups.0.611ω=0.70
Authenticator apps for two-factor authentication are familiar to many users, but they can create access problems if the device storing the secret is lost before the secret is synchronized elsewhere.0.428ω=0.70
When a website does not support passkeys, browsers can display a message such as "no passkey for this website".0.261ω=0.70
Many sites that offer passkeys still retain a password or SMS code as a backup authentication or recovery method.-0.249ω=0.40
A memorized password can be entered on any phone or laptop with a keyboard, allowing access even if the user's primary device is lost or stolen.-0.239
Native apps distributed via app stores can implement passkey authentication with full control, bypassing browser integration constraints.-0.179ω=0.85
Password-manager applications can generate and store random long passwords and synchronize them across devices, but often require users to copy-paste credentials and can suffer from field-recognition failures and mismatched or differing URLs.-0.122ω=0.55

Compared against step 8 (comment 12rzfI).

Reset view