Sadly, WebAuthn is also becoming a victim in the same way (at least on iOS).
The expectation is that WebAuthn private keys are stored in the secure enclave, which would be a comparable security guarantee to YubiKeys and other hardware devices.
"Passkeys" are now forcibly synced via iCloud, you can't use WebAuthn on iOS without enabling iCloud Keychain.
Huh, thanks, I wrongly assumed that Passkeys inherited WebAuthn’s attestations for hardware-backed keys. I guess organizations will need to ban Passkeys internally.
The expectation is that WebAuthn private keys are stored in the secure enclave, which would be a comparable security guarantee to YubiKeys and other hardware devices.
"Passkeys" are now forcibly synced via iCloud, you can't use WebAuthn on iOS without enabling iCloud Keychain.