Passkeys come in two fundamentally different architectures—device-bound and synced—each with distinct security models, recovery mechanisms, and trade-offs that organizations must understand to deploy phishing-resistant authentication effectively.
Getting to the bottom of the Conditional Access app picker and critical security implications you need to know.