Question
Design a passwordless authentication system built on WebAuthn/FIDO2 passkeys for a consumer platform with 80M users across web, iOS, and Android. It must support multiple passkeys per account, cross-device sign-in, account recovery without falling back to passwords, and resist phishing entirely. Threat model: phishing/AITM proxies, SIM-swap on any SMS fallback, lost-device lockout, and a leaked credential database. Constraints: sign-in p99 under 500ms, must interoperate with synced passkeys (iCloud/Google) and hardware security keys. Cover registration, the credential store, recovery, and the phishing-resistance property.
Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.