[acdha]

Your first assumption is dubious: Apple, Microsoft, and Google all have well-integrated support and usage is increasing on mainstream sites. It seems unlikely that there will be strong popular backlash against something which is easier to use in addition to being safer.

The second is flat out wrong. Passkeys and U3/F/FIDO2 do not depend on the user at all. Even if I completely fool you, the credential you get for example.com cannot be used on example.org because the protocol incorporates the host name. That’s why the security community is pushing them since phishing is so common and this shuts that down entirely. The attacks now tend to involve getting people to downgrade to password + SMS/TOTP so the more those fade from common usage the better everyone will be.