Depends on the recovery mechanism. Providing a government credential with a live selfie is the gold standard. If a company doesn't support that, they're being cheap at the cost of security (you can perform such an identity proof for ~$1-2/per successful proof through a vendor like Stripe Identity or ID.me).
Passkeys solves for digital identity compromise (credential theft or stuffing/spraying), but you must rely on other mechanisms (such as a I mention above) if you want to elevate identity assurance higher in the event of credential loss.
(consumer IAM is a component of my work at a fintech; auth/creds security, passkey rollout, high identity confidence when an account is recovered, etc)
How do I actually give them my real government document with it's physical security features through the internet? Just take a grainy photo of it? Really secure!
Passkeys solves for digital identity compromise (credential theft or stuffing/spraying), but you must rely on other mechanisms (such as a I mention above) if you want to elevate identity assurance higher in the event of credential loss.
(consumer IAM is a component of my work at a fintech; auth/creds security, passkey rollout, high identity confidence when an account is recovered, etc)