I got promoted today to try using Passkeys on Github.com. Fine π I did that, but I discovered that when you use your Passkey to login, Chrome prompts you for your deviceβs password (i.e: The password you use to login to your macOS Desktop). Is that intentional? Kind of defeats the point no? I mean sure, now thereβs no Password being transmitted, stored or presented to Github.com but still, all an attacker has to do is somehow be on my device and know my login password to my device right? Is that better or worse? π€