别再用 Passkey 加密用户数据了：Tim Cappalli 发出强烈警告

27th February 2026 - Link Blog

[Please, please, please stop using passkeys for encrypting user data](https://blog.timcappalli.me/p/passkeys-prf-warning/) ([via](https://lobste.rs/s/tf8j5h/please_stop_using_passkeys_for "lobste.rs")) Because users lose their passkeys _all the time_, and may not understand that their data has been irreversibly encrypted using them and can no longer be recovered.

Tim Cappalli:

> To the wider identity industry: _please stop promoting and using passkeys to encrypt user data. I’m begging you. Let them be great, phishing-resistant authentication credentials_.

Posted [27th February 2026](https://simonwillison.net/2026/Feb/27/) at 10:49 pm