There's nothing to backup/import. If you have an iPhone, you use your fingerprint or Face ID. If you sell your iPhone and buy an Android, you use your fingerprint or face recognition on that device.
That doesn’t sound correct. It’s not the finger print which identifies you to the website, it’s the public private keypair.
The private key is stored in the device’s Secure Enclave. It’s the face and fingerprint recognition which authenticates to the Secure Enclave in order to retrieve the private key.
When purchasing an android phone, you do need to sync the private key to the new device. Hence Passkey, which uses iCloud as its secure and authenticated syncing scheme.
I haven't dug into the docs yet, but I don't quite follow this. How does it know that the ex-iPhone owner and current Android owner are the same person (and should have access to the same account)?
If you did switch ecosystems, you'd probably need to do the whole re-enroll dance on every website that had your previous key. I don't see any sort of passkey backup/import functionality coming anytime soon simply because people don't change ecosystems that often, and those that do can simply keep both their iCloud and Android-based passkeys on services.
Passkey works on non-Apple devices by showing a QR code on that device, having the iPhone scan it, then a BLE connection being established to allow the phone to remotely sign webauthn requests. I only mention ‘switching ecosystems’ in the sense of moving between Apple and Android mobile devices.
I know it does not. It's in the Cloud. I was referring to SIM and phone number when I was thinking potential way to recover.
Can you explain how a person can login into their iCloud and recover their iCloud Keychain after they have lost their only Apple device (iPhone) if Apple Passkey needed to access iCloud?
The private key is stored in the device’s Secure Enclave. It’s the face and fingerprint recognition which authenticates to the Secure Enclave in order to retrieve the private key.
When purchasing an android phone, you do need to sync the private key to the new device. Hence Passkey, which uses iCloud as its secure and authenticated syncing scheme.