Forum Discussion
datx
2 years ago
New Contributor
What am I missing with passkeys?
I am finally getting around to putting passkeys into action... but something isn't adding up.
As a low risk test, I added a passkey to a bestbuy account. Started up an incognito session, and logge...
Former Member
2 years ago
lodaka Fair point, I did ignore the part about a hardware key. Personally I think that passwords are simply meaningless now. The modern lore of 2FA is "something you know and something you have". But "something you know" is no longer realistic because no reasonably high entropy password per account can be remembered by a human, and it is vital with passwords that they be unique across all accounts given how often password databases are compromised. So 2FA only makes sense if you assume the bad practice of a manually remembered, reused password across all accounts. Once you start talking about 30 character passwords, 2FA is just theater because you already have to have something in your possession ("something you have") that can unlock the stored 30 character password that is impossible to remember. So in your example the password on top of the YubiKey serves no purpose, other than the fact that it's required by the current login infrastructure for the password to exist. In other words the YubiKey by itself would be fine. Passkeys solve the problem by formalizing the agreement that "something you have" is now a requirement, and that's the end of it, no more 2FA. Trying to do all this via the current password infrastructure (as we all obviously are doing since we are here in the 1Password forums) is fine, but it doesn't enforce good behavior by everyone since one can still just use a bad password.