A new login technique is becoming available in 2023: the passkey. The passkey promises to solve phishing and prevent password reuse. But lots of smart and security-oriented folks are confused about what exactly a passkey is. There’s a good reason for that. A passkey is in some sense one of two (or three) different things, depending on how it’s stored.
If they get your password they can impersonate you to the server. They can’t do that with just the public key part of your passkey.
That’s true.
Ideally my password should be hashed and salted anyways, so that shouldn’t make a huge difference.