Let’s start with a smartphone. A user creates an account with a passkey for a service, that passkey gets stored on their smartphone, and they can use biometrics to sign in from then on. The private key is stored on the smartphone. Great.
But then how do you sign into that same service from a different device?
If it’s by using a password manager, some third party piece of software, How do you sign in on a device where you’re not allowed to install third party software?
I use 1Password as my Passkey holder so it’s device agnostic. But if 1Password ever pulls a LastPass, it won’t seem like a clever solution anymore.
1Password can’t fail that hard easily. They’ve done great write-ups to compare their architecture to that of LastPass. Long story short: it’s the secret key that protects you: https://blog.1password.com/what-the-secret-key-does/