alt Hacker NewsSo in other words, Passkeys are over engineered and simply too complicated for most users.
Succumbing to lock-in can smooth some (but not all) rough edges and creates it's own restrictions and risks.
TOTP for the win --- it's the simpler practical alternative.
TOTP is really annoying IMO but at least you control it so you can make it one-factor again if it's foisted on you. I made a Chrome extension to do that:
https://chromewebstore.google.com/detail/lazyotp/eoihmklnjkn...