This talk examines why password-based authentication continues to be the primary cause of account compromise, despite decades of improvements such as password managers, complexity rules, and multi-factor authentication (MFA).
It introduces passkeys as a structural change to authentication rather than another defensive layer, and explains how removing shared secrets fundamentally improves security while reducing user burden.
The goal is not to promote a specific product or platform, but to provide practitioners with a clear mental model of how passkeys work, why they are phishing-resistant by design, and how they fit into modern authentication architectures.