Passkeys are DOA, because websites seem to prefer to outsource them to a third party rather than doing the hard work of implementing passkeys as a first party, on the same domain as the website. This makes phishing possible, and therefore passkeys just as vulnerable as passwords.
