Passkeys are built on the FIDO2 standard (CTAP2 + WebAuthn standards). They remove the shared secret, stop phishing at the source, and make credential-stuffing useless.
But adoption is still low, and interoperability between Apple, Google, and Microsoft isn’t seamless.
I broke down how passkeys work, their strengths, and what’s still missing
I have a couple in my Bitwarden (Vaultwarden)
But I already have issues with Android trying to force me to use the system Passkey provider, and companies like Apple only supporting their own device’s built in manager for Apple accounts.