They’re better than passwords in that they really are phishing proof and well they are basically RSA key pairs that are generated, so they are naturally brute force resistant. Great for the majority because most people reuse their crappy password over and over again, ignorant of the fact that password managers exist just because they have to spend 10 seconds more to press buttons to generate a password and store them in the db. The tech is great as long as the user knows how to keep them safe.

HOWEVER: Since third party password managers (like Bitwarden, 1Pass, etc.) just recently started to provide support for passkeys, alot of people who wanted to use passkey on first release were locked into big tech bros like Google on Android and Apple on iOS’ solutions. And well that’s not good at all. The tech is great though, I’m all for it. You just need to know where to store them. Ideally, I’d store them offline on my device and that exists already but not on Linux (afaik) nor on Android are they a reality yet.

^They definitely are not more than secure than my yubikey though.^