Product

It sounds like people’s biggest knock against passkeys is that where they are stored is siloed to the Apple or Android ecosystem, so when a user changes platforms, they have a hard time accessing. 

This seems fairly edge case, solvable via a migration tool, and not a good enough reason to lose the ease of passkeys.

summoning /daylight | kylemccollom.com | we are hiring: careers.daylight.xyz

this, and, there's a deeper single point of failure concern if the relaying party (ie domain issuing the challenge) were to go offline. afaik passkeys are scoped exclusively to the relaying party (hence their security).

getting the right mix of hardness and usability with passkeys is non trivial...