[sgk284]

> if someone steals my physical device, then they have full access

Apple protects passkeys via FaceID or TouchID. If you're satisfied with biometrics as a 2nd factor, then there is no regression in your scenario.

[Double_a_92]

But that's an extra thing that Apple does to store the passkey locally. It's not an inherent property of the passkey system.

Also that then leads to the situation that your passkeys are completely locked inside Apples ecosystem! (Or Googles, or Microsoft, or whatever...)