TOTP is based on shared secrets, just like passwords. As such, it’s susceptible to many of the issues passwords are and is much closer to passwords than passkeys. Passkeys on the other hand, don’t have shared secrets and operate completely differently under the hood.
No. It’s a completely different process. It’s a bad name for what it actually does. (Unless you’re talking about how computers do things, then EVERYTHING is numbers)
Look up public/private key pair encryption. It’s the process that has changed.
The problem with all these “what are passkeys” guides is that it’s difficult to convey the differences between password and passkeys if you don’t have a deep understanding of encryption or authentication systems.
That’s false, TOTP can and has been the target of man in the middle attacks, successfully. The implementation of passkeys makes man in middle attacks more difficult, but it could still happen. So both are susceptible to third parties to some degree.
As far as point of view, I was assuming we were talking about the process, since the goal of passkey UX is to be largely the ‘same as’. Which, to be frank, is way less dedicated since both the implementation of passwords and passkeys can vary widely (2fa, email, id, otp, etc). If we exclude those, the UX is the same - some users might be even using passkeys and not know it.