A new login technique is becoming available in 2023: the passkey. The passkey promises to solve phishing and prevent password reuse. But lots of smart and security-oriented folks are confused about what exactly a passkey is. There’s a good reason for that. A passkey is in some sense one of two (or three) different things, depending on how it’s stored.
I can see the “phone falls into the toilet” as a big problem that people will have.
Use a password manager that implements passkey like Bitwarden that syncs up to a server. Or you can host your own Bitwarden sync server with Vaultwarden if you don’t like the thought of a cloud sync.
As far as I know the Bitwarden browser plugin for Firefox does not yet support WebAuthn/Passkeys, as it’s still on the September release. Chrome is already on the October version. A build of Vaultwarden from yesterday onwards should support storing it, once your browser is ready.
It’s already a huge problem now. Lots of people only have one auth device they depend on for everything. At least passkeys come with standards which should help spread the use of vault sync and backups and hopefully those practices become the norm.
They mention it in here. I don’t know about Android, Apple synchronizes them between devices. The way they do it seems pretty secure but it is still less secure than the keys being untouchable. Using multiple will be a necessity.