[loeg]

From a practical perspective, passkeys are mostly identical to passwords where (1) secret generation is guaranteed to be strong, random, and unique; (2) they're tied to a specific site, so they can't be phished; and (3) filling is standardized and therefore ergonomic. If your passwords have those properties, passkeys aren't really an improvement for you. The main benefit to savvy consumers is that websites can trust that your passkeys are actually high quality and treat them as a primary authentication mechanism, instead of only a weak factor in an MFA system. And of course the huge huge benefit to most (unsavvy) consumers is that, you know, they're actually secure/unique and phishing-resistant.

[udev4096]

Normal passwords can be phished, no matter how strong it is. The weak link is always a careless human. Passkeys are definitely a huge improvement for everyone, apart from the vendor-lock in which can be avoided

[loeg]

You can get around it, of course, but password managers are aware of the correct domain for a password and will only auto fill it into a form on the right domain. This is phishing-resistant. I'm not saying it's perfect, and I'm a big passkeys advocate. But "randomly generated password auto-filled by 1password" already meets many of the same benefits as passkeys, kinda, so long as auto-fill works on that particular website. Passkeys, in addition to stronger versions of those properties, also provide (1) ergonomics/standardization ("fill" works everywhere) and (2) sites can trust them to be strong.