<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> <span class="h-card" translate="no"><a href="https://hachyderm.io/@dalias" class="u-url mention">@<span>dalias</span></a></span> <span class="h-card" translate="no"><a href="https://orbital.horse/@emma" class="u-url mention">@<span>emma</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@mcc" class="u-url mention">@<span>mcc</span></a></span> </p><p>- there are people who demonstrably cannot maintain continuity of access to a passkey vault; they require password-based access to services they use</p><p>- these people are often in desperate and vulnerable situations</p><p>- higher-security mechanisms like passkeys (and MFA) should *usually* not be mandatory, in part to accommodate such people</p><p>- in certain scenarios, where higher security is required, requiring them is reasonable, which means those people get excluded</p>