Hacker News
by drdaeman 1105 days ago
I don't think password reuse is the common vector - I believe the most common one is phishing, where the user is tricked into giving up their current credentials, straight for the service that the attacker is interested in. But I can be wrong. And, yeah, it is an improvement for sure.

You're definitely right that passkeys drastically improve the bottom-line security for the least protected folks (which are probably the majority). It is a step in the right direction, for sure. But they also make things worse for me - someone who uses different random high-entropy passwords for almost everything except local sudo and unlock PIN codes. I want to use PKI instead of shared secrets, but when I try, it's extremely inconvenient, so I know at some point I'll just give up. This, and the fact that my bottom line is not moving up at all - it still remains the same, limited by recovery processes' security - is frustrating.