[jesseendahl]

There's nothing different about using a password vs. a passkey that makes it easier or harder for vendors to lock you out. I am not sure where this misconception comes from.

Whatever process a vendor requires someone to go through in order to gain access to someone's account when they pass away remains the same whether the user previously used a password or a passkey to login.

Are you aware of any vendor that actually does have differing policies based on the account's login credential type? I'm not aware of any.

[Macha]

Without passkeys:

The only one who can lock me out of my relationship with e.g. HN is HN.

With passkeys:

Now I can be locked out by HN or by the passkey provider.

Sure I could use a local passkey provider, but the protocol provides a way for the site to enforce a whitelist of passkey providers, so it's not clear that would be an option. Particularly for businesses like banks which tend to adopt an approach of "if a security restriction is possible, it should be applied". Or even just the typical tech PM perspective of "we want to include logos for the log in with X, and I think more than 5 logos is ugly so let's just whitelist Lastpass, 1password, Google, Microsoft and apple and be done with it"

[spencerflem]

If I want to move a password, I either already have it memorized or I find it in my manager and write it down.

If I want to move a passkey out of my Apple keychain, last I heard the answer is to just make a new passkey. The important part of the secret is 100% under their control. It makes me very squeamish