[tdpvb]

Right, but I imagine most sites will continue to use third-party authorization for passkeys, similar to Okto, Auth0, et al? They'd even be incentived to do so if it meant more granular user profiling -- all alongside third-party guarantees of "real verification", etc.

[dustyventure]

What 3rd party password/passkey manager you use is not the business of a site unlike when they list allowed single sign-on OAuth vendors.. And using the managers is an alternative to using a secure enclave correctly.

Monopolists will try to erode options and force everything on to their platform but if they didn't succeed with OAuth I don't see them being further ahead with warping the fido standards to be like it.