/tag
A password is a secret you have to keep secret from everyone — including the server you have to share it with. That contradiction has been the root of every leak, phish, and reused-credential breach for thirty years. Passkeys fix it by never sending a secret at all: your device keeps a private key, the server keeps a useless public one, and phishing simply stops working.