Industry Urged To Stop Using Passkeys
Tim Cappalli posted on Link Blog on Feb. 27, 2026, urging the identity industry to stop using passkeys to encrypt user data. He argues that passkeys, while excellent for phishing-resistant authentication, are frequently lost by users, making encrypted data irrecoverable without robust recovery mechanisms. The post recommends keeping passkeys for authentication only and adopting separate key-recovery or custodial solutions.
Key Points
- 1Urges industry to stop using passkeys for encrypting user data due to recoverability risks
- 2Highlights that users frequently lose passkeys, making encrypted data irretrievable without secondary recovery
- 3Warns practitioners to avoid passkey-based encryption and adopt separate key-recovery or custodial solutions
Scoring Rationale
Actionable industry guidance with firsthand observations, limited by single-author opinion and lack of empirical data.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems

