I mean... this is all 100% true, but the problem isn't the tech, it isn't the standard, it isn't even the implementation. It's Google and Apple's sizes and their ownership of browsers. There's only one solution here, it's antitrust action.
https://proton.me/blog/big-tech-passkey
Big Tech companies want to chain your passkey to their products. Enter Proton Pass, which allows you to manage and use passkeys across all devices seamlessly.
Son Nguyen (Proton)
Great article. The missing piece is that this is exactly what happened to OpenID decades ago.
If we had stood our ground on interoperability back then, there would be no need for passkeys now. There's nothing wrong with passwords at all, if you only need one or two, and each is only used on one system. If identity providers were independent, competitive, and universally supported, passwords would be fine. Then 2FA would be an interesting, but entirely different and less important conversation.
But here we are. We have no problems that can be solved with more technical standards. Anything we try just provides cover for bad actors.