> but I can't access a passkey-protected service from a friend's phone either.
You can use passkeys across devices. I've logged into sites for people using passkeys on other devices several times. I just tap or plug in my device to theirs when it asks for the passkey and it logs in.
Nor can you access a modern site from their phone unless you have a Yubikey, access to SMS, or a recovery code.
If you need to do this, it works the same for a passkey: if it’s a very close friend, you can share the passkey with them. If not, you can use the same login you’re now with the same MFA. Passkeys don’t need 100% adoption to be effective: the big win is blocking phishing attacks and that works as long as you’re not using passwords by default.
You can use passkeys across devices. I've logged into sites for people using passkeys on other devices several times. I just tap or plug in my device to theirs when it asks for the passkey and it logs in.