Unable to use recovery device, I get error “This identity has more than one recovery devices, which is not expected”

Ah, you’re referring to passkeys and domains in this regard. A change wouldn’t be an issue and would be covered by a standard like the related origins request mentioned above.

A permanent domain loss, on the other hand, would be an issue, which indeed would require something like a technical in-depth workaround such as a local DNS with trusted SSL cert setup for recovery.

As you’ve proposed, saving multiple recovery passkeys assigned to multiple domains does spread the risk a bit, but doesn’t alleviate it sadly. At this moment the only reliable recovery method not tied to DNS would be the recovery phrase.

Just to clarify, recovery methods are primarily designed as a recovery method from a user perspective instead of a disaster recovery perspective (e.g. domain loss). Back when II was created, this made sense, as passkeys weren’t synced yet across most devices and devices could be lost.

Now with synced passkeys, the definition of recovery has changed. We’re already looking into what this means with regard to account recovery flows within II. If there are any updates or plans in this regard, they’ll be shared here on the forum.

In relation to the topic of account access/recovery, see the announcement post regarding OpenID integration: Integrating OpenID Providers into Internet Identity

And yes, if you’d like to continue this specific topic, let’s do that in another thread as you’ve suggested indeed :smiley:
