so the thing about passkeys is...
it's two different technologies. it's an abstraction layer that treats them as the same when they are really, REALLY not
one of them is the older thing, the one you should actually want, where you have a hardware token and you use that to log in to things
the other is the new thing where Apple or Google or Microsoft manage all your logins for you, so that if you are ever at odds with those companies you're locked out of your entire life at once. efficient.