Question
Design the server side of a passkey system that must support BOTH synced passkeys (a credential that follows the user across their devices via a platform/cloud keychain) and device-bound passkeys (hardware-backed, never leaves the device — required for high-assurance enterprise tenants), for a 150M-user identity provider. The model must let a user register many credentials, let enterprise admins require device-bound + attestation, and handle the recovery nightmare: a user who loses their only device. Discuss the credential data model, how you distinguish synced vs device-bound at registration, attestation, and a recovery path that doesn't reopen a phishing hole.
Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
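For the part of the question about telling synced from device-bound credentials at registration, the sketch below is an added example (not part of the original question) that reads the WebAuthn backup-eligibility (BE) and backup-state (BS) flags from the authenticator data and applies a per-tenant policy. Assumptions: `CredentialRecord`, `admit`, `sample_auth_data` and the RP ID `idp.example` are hypothetical names, and verification of the attestation statement is assumed to happen elsewhere and arrive as a boolean.

```python
import hashlib
import struct
from dataclasses import dataclass

# Bits of the WebAuthn authenticator-data flags byte.
UP, UV, BE, BS, AT = 0x01, 0x04, 0x08, 0x10, 0x40

@dataclass
class CredentialRecord:  # hypothetical row shape for the credential table
    credential_id: bytes
    aaguid: bytes
    sign_count: int
    backup_eligible: bool  # BE: may sync across devices; fixed at creation
    backup_state: bool     # BS: currently backed up; re-read on every assertion
    user_verified: bool

def parse_registration_auth_data(auth_data: bytes, rp_id: str) -> CredentialRecord:
    if len(auth_data) < 55:
        raise ValueError("authenticator data too short for a registration")
    rp_hash, flags, sign_count = struct.unpack(">32sBI", auth_data[:37])
    if rp_hash != hashlib.sha256(rp_id.encode()).digest():
        raise ValueError("rpIdHash does not match this relying party")
    if not flags & UP or not flags & AT:
        raise ValueError("user presence and attested credential data are required")
    if flags & BS and not flags & BE:
        raise ValueError("BS set without BE is an invalid combination")
    aaguid = auth_data[37:53]
    (cid_len,) = struct.unpack(">H", auth_data[53:55])
    cred_id = auth_data[55:55 + cid_len]
    if cid_len == 0 or cid_len > 1023 or len(cred_id) != cid_len:
        raise ValueError("bad credential ID length")
    return CredentialRecord(cred_id, aaguid, sign_count,
                            bool(flags & BE), bool(flags & BS), bool(flags & UV))

def admit(rec: CredentialRecord, require_device_bound: bool,
          attestation_verified: bool) -> tuple:
    # The flags are self-reported, so a device-bound claim only counts
    # when the attestation statement was verified (done elsewhere).
    if require_device_bound:
        if rec.backup_eligible:
            return False, "sync-capable credential rejected by tenant policy"
        if not attestation_verified:
            return False, "device-bound claim needs verified attestation"
    return True, "ok"

def sample_auth_data(flags: int, rp_id: str = "idp.example") -> bytes:
    # Constructed sample: zero AAGUID, 16-byte credential ID, no public key.
    return (hashlib.sha256(rp_id.encode()).digest() + bytes([flags])
            + struct.pack(">I", 0) + bytes(16) + struct.pack(">H", 16) + b"\x11" * 16)
```

Storing BE once and refreshing BS on each assertion lets the recovery logic tell whether a user who lost a device still has a backed-up credential.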