Hacker News
by theamk 532 days ago
If I am reading right, any time you set up passkeys on a web site, you add half-a-dozen passkeys from various services? Yeah, this sounds totally impractical to me.

Have you considered stopping using passkeys and using strong passwords stored in a password manager instead? You will have approximately the same level of security:

- Either way, if one site is compromised other sites are not affected (because password managers have site-per-password)

- Either way, you will be phishing-protected (because password managers autofill based on host name, and you are smart enough not to override it)

- Either way, it'll be game over if you get malware on your computer (because it will steal your passkey out of 1password)

... but your UX for a new website would be dramatically simpler.

1 comment

It's not much of a hassle. I'll add at least two when I want to start using passkeys for a site. So maybe add a passkey to the phone and to my keychain device. Then, next time I use the service on my laptop, I'll sign in with either my phone or keyring (whatever happens to be closer) and make one there. Then next time I want to use the service on my desktop I'll sign in with whatever I've got nearby and add my desktop and the token in my desk drawer. And maybe my password manager also has a passkey, added somewhere in there.

It's not like every time I sign up for a new site I have to drop everything right at that instant and go add a passkey to every single device I own.