Obviously, a major point of failure for passkeys is the account recovery process when using passkeys across different operating systems and devices.
But there is more:
1. Passkeys sync across devices using the same operating system (e.g. iOS to iOS, Android to Android), but not across different OS platforms.
This could create a frustrating or even impossible user experience if someone has devices running different OSes.
2. Access to a passkey collection is gated by the account used for that OS's cloud sync service (e.g. iCloud for Apple, Google Account for Android). If that cloud account is compromised, the attacker could potentially gain access to all synced passkeys.
3. For consumer applications, outsourcing account recovery to the OS vendors may be acceptable. However, for enterprise or high-security use cases, administrators may not be comfortable having vital access credentials tied solely to a third-party cloud account.
4. There are concerns around major OS/browser vendors controlling the critical infrastructure for accessing accounts if passkeys fully replace passwords.
This centralization could be viewed as a single point of failure.
So while passkeys aim to improve security over passwords, the account recovery process across different devices/OSes and the reliance on third-party cloud services to sync and manage passkeys could introduce new points of failure.
These points of failure are solved by WiKey, especially for enterprise deployments, as WiKey provides a decentralized, self-service approach to passkey recovery.
The system's decentralized architecture and zero-knowledge cryptography mean that no sensitive information is stored on any central servers, significantly reducing the risk of a data breach, or specifically a passkey or identity breach.