[1oooqooq]

> it's impossible to start a new passkey provider because you'll never get 1000s of websites to put you on their allowlist.

You ignore history. and human nature.

Everyone will just hardcode a big `if microsoft || google || apple` and call it a day. And over time local gov will require companies under their TLD also add gov.TLD and that will be status quo forever.

As other commenters mentioned, EU official login (which accepts SMS but not TOTP!!!) already works with passkeys with only weird approved devices (mostly android/ios apps which try very hard to detect non-stock roms)