Planet Python
Armin Ronacher: Passkeys and Modern Authentication
The industry is shifting from usernames and passwords to passkeys with the aim of improving consumer security. The underlying passkey standard, however, has peculiarities that create real problems for users.

One concern is attestation, which lets an authenticator prove its make and model to the website during registration. This has already been used by governments, Austria among them, to restrict access to essential services to a whitelist of hardware tokens, excluding software-based authenticators such as password managers. Apple and Google do not expose attestation data from their consumer passkey authenticators, but they may do so for enterprise use.

Another significant problem is that private keys cannot be exported between passkey managers, which leads to vendor lock-in. Accounts become tied to a specific ecosystem, and migration is difficult, especially for people who cannot afford a paid password manager. Passkeys are also being adopted through sneaky onboarding flows in which users are enrolled without explicit notification, which creates further difficulties when moving between device ecosystems.

The growing reliance on tech giants raises concerns about account termination and loss of access to data, with limited recourse. The inability to manage the accounts of deceased or incapacitated people is a related and growing issue. Furthermore, the complexity of modern authentication systems, OAuth included, makes it harder for individuals and open-source projects to build and integrate services from scratch. Moving away from simpler authentication methods increases dependence on corporations and risks a loss of individual agency.

The author expresses concern about this trend, noting the increased time spent on authentication and the growing reliance on complex systems controlled by tech giants, while acknowledging that digital security continues to evolve.
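The attestation point above is easier to see in code. The following is an added example, not code from Armin Ronacher's post: it parses the `authenticatorData` structure a browser returns during WebAuthn registration, pulls out the 16-byte AAGUID that identifies the authenticator model, and applies the kind of relying-party allowlist policy the summary describes. The AAGUID values, RP ID and credential bytes are constructed placeholders, not real vendor identifiers, and the `build_authenticator_data` helper exists only to fabricate test input in the correct layout.

```python
"""Extracting the authenticator identity (AAGUID) from a WebAuthn
registration response and applying a relying-party allowlist.

Added example; not code from the original post. All AAGUIDs, RP IDs and
credential IDs below are constructed placeholders. Requires only the
Python standard library (3.9+).
"""
import hashlib
import struct
from dataclasses import dataclass

# authenticatorData flag bits (WebAuthn Level 2, section 6.1)
FLAG_UP = 0x01  # user present
FLAG_UV = 0x04  # user verified
FLAG_AT = 0x40  # attested credential data included (registration only)

# An authenticator that declines to identify itself sends an all-zero AAGUID.
ZERO_AAGUID = bytes(16)

# Constructed placeholder for a "whitelisted" hardware token model.
HARDWARE_TOKEN_AAGUID = bytes(range(1, 17))


@dataclass
class AttestedCredential:
    rp_id_hash: bytes
    flags: int
    sign_count: int
    aaguid: bytes
    credential_id: bytes
    public_key_cose: bytes  # COSE_Key, left unparsed here


def parse_authenticator_data(auth_data: bytes) -> AttestedCredential:
    """Parse authenticatorData from a registration response.

    Layout: rpIdHash(32) | flags(1) | signCount(4, big-endian) |
            aaguid(16) | credIdLen(2, big-endian) | credId | COSE public key
    """
    if len(auth_data) < 37:
        raise ValueError("authenticator data too short")
    rp_id_hash = auth_data[:32]
    flags = auth_data[32]
    (sign_count,) = struct.unpack(">I", auth_data[33:37])
    if not flags & FLAG_AT:
        raise ValueError("no attested credential data present")
    rest = auth_data[37:]
    if len(rest) < 18:
        raise ValueError("attested credential data truncated")
    aaguid = rest[:16]
    (cred_len,) = struct.unpack(">H", rest[16:18])
    cred_id = rest[18:18 + cred_len]
    if len(cred_id) != cred_len:
        raise ValueError("credential id truncated")
    return AttestedCredential(rp_id_hash, flags, sign_count, aaguid, cred_id, rest[18 + cred_len:])


def build_authenticator_data(rp_id: str, aaguid: bytes, cred_id: bytes,
                             cose_key: bytes, sign_count: int = 0) -> bytes:
    """Fabricate authenticatorData in the same layout (test input only;
    a real relying party receives this from the browser)."""
    if len(aaguid) != 16:
        raise ValueError("aaguid must be 16 bytes")
    return (hashlib.sha256(rp_id.encode()).digest()
            + bytes([FLAG_UP | FLAG_UV | FLAG_AT])
            + struct.pack(">I", sign_count)
            + aaguid
            + struct.pack(">H", len(cred_id))
            + cred_id
            + cose_key)


def registration_allowed(auth_data: bytes, rp_id: str, allowed_aaguids: set) -> tuple:
    """Allowlist policy step. Returns (allowed, reason).

    Caveat: the AAGUID is only trustworthy once the attestation statement's
    signature has been verified against the vendor's root certificate; that
    step is out of scope here. An unsigned AAGUID is just a claim.
    """
    cred = parse_authenticator_data(auth_data)
    if cred.rp_id_hash != hashlib.sha256(rp_id.encode()).digest():
        return False, "rpIdHash mismatch"
    if cred.aaguid == ZERO_AAGUID:
        # This is what shuts out privacy-preserving consumer passkeys.
        return False, "authenticator did not identify itself"
    if cred.aaguid not in allowed_aaguids:
        return False, f"aaguid {cred.aaguid.hex()} not on allowlist"
    return True, "ok"


if __name__ == "__main__":
    policy = {HARDWARE_TOKEN_AAGUID}
    hw = build_authenticator_data("example.com", HARDWARE_TOKEN_AAGUID, b"cred-1", b"\xa5")
    consumer = build_authenticator_data("example.com", ZERO_AAGUID, b"cred-2", b"\xa5")
    print("hardware token:", registration_allowed(hw, "example.com", policy))
    print("consumer passkey:", registration_allowed(consumer, "example.com", policy))
```

The interesting line is the zero-AAGUID check: an RP that insists on knowing the authenticator model necessarily rejects any passkey provider that chooses not to identify itself, which is the mechanism behind the lock-out the summary describes. Note that some software authenticators do send a non-zero AAGUID without a signed attestation statement; an allowlist that accepts those values without verifying the attestation signature is trivially spoofable, so the policy only means anything together with full attestation verification.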