Personally I like the idea of passkeys. However, it needs some sort of easy to export like 2FA seeds, or even BIP39 that some cryptocurrency wallets use.
The seemingly non-transparent (or was there none?) way to back up to cold storage (e.g., printed and locked in a physical safe) turns me off.
---
> lack of identifying passkey provider attestation (which would allow RPs to block you, and something that I have previously rallied against but rethinking as of late because of these situations). [1]
There is a possibility websites will only allow approved password managers to create/interact with passkeys with attestation, something that is not a problem with the common TOTP + Password or other authentication methods.
Attestation (perhaps targeted at enterprise usage?) should be a separate spec/extension or something.
[1]: https://github.com/keepassxreboot/keepassxc/issues/10407#iss...
> Personally I like the idea of passkeys. However, it needs some sort of easy to export
Some passkey implementations can be exported (synced), some can't. By design. E.g. I don't want my Yubikeys to export the private keys, ever.