Hacker News
by f30e3dfed1c9 62 days ago
Exactly. "Passkey ties it to your device" sounds like a huge step backwards to me. Tech companies seem to have no idea how much I hate my phone.

FWIW, I had a conversation with an AI about passkeys. Seems to me like there are real potential benefits to (1) companies that implement them, (2) people with bad password practices, and (3) people who use one or two devices, like a laptop and a phone, or a tablet and phone.

I suspect the lion's share of benefits here go to (1) and I could not possibly care less about that.

I recognize that (2) is a huge group of people, but I'm not in it.

For people in (3), it might work pretty well especially if both are from the same company. For example, if you only ever use an iPad and an iPhone, passkeys might work out pretty well. But I'm not in that group, either.

I'm gonna keep ignoring them as long as possible.

Yeah, I don't think passwords are ever going away (and said it on this podcast[0]).

But for the large group of people in group 2, I'm a big fan of unphishable credentials. If we can figure out the account recovery problem. (Big if!)

0: https://changelog.com/friends/78

FWIW, I think the article "Passkeys: they're not perfect but they're getting better" at the NCSC web site is a pretty fair assessment of the current state of things.

I certainly understand and appreciate the benefits of key-based authentication: been using ssh keys for decades, wouldn't go back to password auth in that context for anything.

But I don't really see passkeys in the much wider context of web authentication for the broadest possible audience as having all the kinks worked out yet.