Passkey UX is absolutely terrible. It's unclear what is happening, what is being stored where (do you have my passkey? do I? is it in my browser? is it on my phone?), how communication is happening between devices, etc. Also nobody seems to explain what exactly a passkey is. Where's the thing I can point at and say "that's your passkey"?
I didn't understand it either, but on the "Security Now" podcast Steve said it's basically like using a FIDO2 key but virtualized in software. As I've used a YubiKey and understand public/private keys (with SSH), I now have a vague idea.
As the sibling comment alludes, FLOSS projects have been threatened for allowing (part of?) the key to be exported!