Question
Design a passkey (WebAuthn/FIDO2) authentication system to replace passwords for a 100M-user consumer product, while keeping a graceful fallback for users who lose their device or are on an unsupported platform. Requirements: phishing-resistant login, credentials sync across a user's devices, and account recovery that doesn't reintroduce a phishable shared secret. Walk through registration and login, where the public-key credentials live and how they're looked up at login, the cross-device/sync story, and the hardest problem — account recovery.
Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.